Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering Critical
CVE-2026-44182 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
ben-elttam Credited to ben-elttam and lresende lresende lresende
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote... Critical Unreviewed
CVE-2026-6279 was published May 21, 2026
Marten has an injection vulnerability in its full-text search regConfig parameter Critical
CVE-2026-45288 was published for Marten (NuGet) May 14, 2026
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu
@nyariv/sandboxjs has a Sandbox Escape vulnerability Critical
CVE-2026-25587 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution Critical
CVE-2026-25586 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
sofianeelhor Credited to sofianeelhor
@nyariv/sandboxjs has a Sandbox Escape issue Critical
CVE-2026-25520 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before... Critical Unreviewed
CVE-2024-27708 was published Dec 22, 2025
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed
CVE-2025-55343 was published Nov 5, 2025
Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output... Critical Unreviewed
CVE-2025-8276 was published Sep 16, 2025
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed
CVE-2025-56266 was published Sep 8, 2025
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center... Critical Unreviewed
CVE-2025-20265 was published Aug 14, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20337 was published Jul 16, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20281 was published Jun 26, 2025
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh lucasmrod lucasmrod
getvictor getvictor rh-colbymorgan rh-colbymorgan jeffssh jeffssh
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security Credited to xbow-security
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39784 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39785 was published Jan 14, 2025
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-36295 was published Jan 14, 2025
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed
CVE-2024-34544 was published Jan 14, 2025
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed
CVE-2024-39604 was published Jan 14, 2025
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed
CVE-2024-21797 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database