GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,234 advisories

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism Critical
CVE-2026-31233 was published for guardrails-ai (pip) May 12, 2026
PySyft server-side arbitrary Python execution after code approval Critical
CVE-2026-31220 was published for syft (pip) May 12, 2026
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution... Critical Unreviewed
CVE-2026-31228 was published May 12, 2026
SandboxJS has a sandbox escape via Function.caller leakage of internal call op Critical
CVE-2026-43898 was published for @nyariv/sandboxjs (npm) May 11, 2026
Credited to Macabely
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection Critical
CVE-2026-44336 was published for PraisonAI (pip) May 11, 2026
Credited to Curly-Haired-Baboon
Electerm users can run dangerous code through link or command line Critical
CVE-2026-43944 was published for electerm (npm) May 8, 2026
Credited to Curly-Haired-Baboon
SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE Critical
CVE-2026-44670 was published for github.com/siyuan-note/siyuan/kernel (Go) May 8, 2026
Credited to Curly-Haired-Baboon
next-npm-version is vulnerable to Command injection Critical
CVE-2025-63706 was published for @jswork/next-npm-version (npm) May 7, 2026
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape Critical
CVE-2026-44005 was published for vm2 (npm) May 7, 2026
Credited to hongancalif
vm2 Access to Host Object Enables Sandbox Escape Critical
CVE-2026-43997 was published for vm2 (npm) May 7, 2026
Credited to c0rydoras
vm2 has a Sandbox Escape Vulnerability Critical
CVE-2026-44006 was published for vm2 (npm) May 7, 2026
Credited to c0rydoras
Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users Critical
CVE-2026-42555 was published for com.ritense.valtimo:case (Maven) May 6, 2026
Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules Critical
CVE-2026-44262 was published for dedoc/scramble (Composer) May 6, 2026
Credited to FORIMOC
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore Critical
CVE-2026-42238 was published for github.com/0xJacky/nginx-ui (Go) May 6, 2026
Credited to captain99hook
Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature Critical
CVE-2026-42607 was published for getgrav/grav (Composer) May 5, 2026
Credited to akgul7990
VM2 Has a WASM Sandbox Escape Critical
CVE-2026-26956 was published for vm2 (npm) May 5, 2026
Credited to 0x5t and Wenxin-Jiang
VM2 Has a Sandbox Escape Issue via SuppressedError Critical
CVE-2026-26332 was published for vm2 (npm) May 5, 2026
VM2 Has Sandbox Breakout Through Inspect Function Critical
CVE-2026-24781 was published for vm2 (npm) May 5, 2026
Credited to XmiliaH
ProTip! Advisories are also available from the GraphQL API