GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

1,234 advisories

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup...
Critical, Unreviewed. CVE-2026-30643 was published on Apr 1, 2026.

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character...
Critical, Unreviewed. CVE-2024-40489 was published on Apr 1, 2026.

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection...
Critical, Unreviewed. CVE-2026-29014 was published on Apr 1, 2026.

SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client
Critical. CVE-2026-34448 was published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 31, 2026.

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code...
Critical, Unreviewed. CVE-2026-3300 was published on Mar 31, 2026.

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template...
Critical, Unreviewed. CVE-2026-4257 was published on Mar 31, 2026.

Roo Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical, Unreviewed. CVE-2026-30307 was published on Mar 30, 2026.

Syntx's command auto-approval module contains a critical OS command injection vulnerability that...
Critical, Unreviewed. CVE-2026-30305 was published on Mar 30, 2026.

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
Critical, Unreviewed. CVE-2026-30313 was published on Mar 30, 2026.

In its design for automatic terminal command execution, HAI Build Code Generator offers two...
Critical, Unreviewed. CVE-2026-30308 was published on Mar 30, 2026.

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe...
Critical, Unreviewed. CVE-2026-30306 was published on Mar 30, 2026.

CrewAI does not properly check that Docker is still running during runtime, and will fall back to...
Critical, Unreviewed. CVE-2026-2287 was published on Mar 30, 2026.

Zebra node crash — V5 transaction hash panic (P2P reachable)
Critical. CVE-2026-34202 was published for zebra-chain (Rust) on Mar 27, 2026.

Handlebars.js has JavaScript Injection via AST Type Confusion
Critical. CVE-2026-33937 was published for handlebars (npm) on Mar 27, 2026.

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote...
Critical, Unreviewed. CVE-2026-27876 was published on Mar 27, 2026.

Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key
Critical. CVE-2026-22738 was published for org.springframework.ai:spring-ai-vector-store (Maven) on Mar 27, 2026.

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to...
Critical, Unreviewed. CVE-2026-30457 was published on Mar 26, 2026.

Langflow has Authenticated Code Execution in Agentic Assistant Validation
Critical. CVE-2026-33873 was published for langflow (pip) on Mar 26, 2026.

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Critical. CVE-2026-33660 was published for n8n (npm) on Mar 25, 2026.

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical, Unreviewed. CVE-2026-32573 was published on Mar 25, 2026.

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters...
Critical, Unreviewed. CVE-2026-32525 was published on Mar 25, 2026.

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart...
Critical, Unreviewed. CVE-2026-25447 was published on Mar 25, 2026.

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll...
Critical, Unreviewed. CVE-2026-27044 was published on Mar 25, 2026.

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad...
Critical, Unreviewed. CVE-2026-25366 was published on Mar 25, 2026.

thumbler allows OS Command Injection
Critical. CVE-2026-26833 was published for thumbler (npm) on Mar 25, 2026.

ProTip! Advisories are also available from the GraphQL API.