GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,300 advisories

DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
[Critical] CVE-2026-45311 was published for deepseek-tui (npm) on May 14, 2026

Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
[Critical] CVE-2026-45058 was published for electerm (npm) on May 14, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information...
[High] [Unreviewed] CVE-2025-15024 was published on May 14, 2026

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim,...
[Moderate] [Unreviewed] CVE-2025-69443 was published on May 14, 2026

FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
[Critical] CVE-2026-46442 was published for flowise (npm) on May 14, 2026

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
[High] CVE-2026-41249 was published for coreshop/core-shop (Composer) on May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7,...
[Moderate] [Unreviewed] CVE-2025-12669 was published on May 14, 2026

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly...
[High] [Unreviewed] CVE-2026-0236 was published on May 13, 2026

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
[High] CVE-2026-45136 was published for claude-code-cache-fix (npm) on May 13, 2026

Mapfish Print: Remote Code Injection (RCE) in Dynamic table
[Critical] CVE-2026-44672 was published for org.mapfish.print:print-lib (Maven) on May 13, 2026

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console...
[High] [Unreviewed] CVE-2026-43680 was published on May 13, 2026

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary...
[Moderate] [Unreviewed] CVE-2025-15463 was published on May 13, 2026

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability in the...
[High] [Unreviewed] CVE-2026-44403 was published on May 12, 2026

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space...
[High] [Unreviewed] CVE-2026-8429 was published on May 12, 2026

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space...
[Critical] [Unreviewed] CVE-2026-8430 was published on May 12, 2026

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises)...
[Critical] [Unreviewed] CVE-2026-42898 was published on May 12, 2026

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an...
[High] [Unreviewed] CVE-2026-41094 was published on May 12, 2026

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument
[Critical] CVE-2026-31236 was published for llm (pip) on May 12, 2026

Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism
[Critical] CVE-2026-31233 was published for guardrails-ai (pip) on May 12, 2026

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell...
[Critical] [Unreviewed] CVE-2026-31231 was published on May 12, 2026

PySyft server-side arbitrary Python execution after code approval
[Critical] CVE-2026-31220 was published for syft (pip) on May 12, 2026

Superduper: Remote code execution via unsafe eval in superduper query parsing
[High] CVE-2026-31225 was published for superduper-framework (pip) on May 12, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution...
[Critical] [Unreviewed] CVE-2026-31228 was published on May 12, 2026

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a...
[Critical] [Unreviewed] CVE-2025-65719 was published on May 12, 2026

The _load_model() function in the neural_magic_training.py script of the optimate project in...
[Critical] [Unreviewed] CVE-2026-31217 was published on May 12, 2026