Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
Marten has an injection vulnerability in its full-text search regConfig parameter Critical
CVE-2026-45288 was published for Marten (NuGet) May 14, 2026
Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output... Critical Unreviewed
CVE-2025-8276 was published Sep 16, 2025
Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering Critical
CVE-2026-44182 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
ben-elttam Credited to ben-elttam and lresende lresende lresende
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote... Critical Unreviewed
CVE-2026-6279 was published May 21, 2026
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Critical Unreviewed
CVE-2023-44373 was published Nov 14, 2023
LibreNMS Information Disclosure Critical
CVE-2019-10665 was published for librenms/librenms (Composer) May 24, 2022
EMSeek Credited to EMSeek
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu
@nyariv/sandboxjs has a Sandbox Escape vulnerability Critical
CVE-2026-25587 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution Critical
CVE-2026-25586 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
sofianeelhor Credited to sofianeelhor
@nyariv/sandboxjs has a Sandbox Escape issue Critical
CVE-2026-25520 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh lucasmrod lucasmrod
getvictor getvictor rh-colbymorgan rh-colbymorgan jeffssh jeffssh
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before... Critical Unreviewed
CVE-2024-27708 was published Dec 22, 2025
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed
CVE-2025-55343 was published Nov 5, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39784 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39785 was published Jan 14, 2025
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11... Critical Unreviewed
CVE-2022-0582 was published Feb 15, 2022
Code injection in Apache Struts Critical
CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022
sunSUNQ Credited to sunSUNQ
Remote Code Execution in Spring Framework Critical
CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
rotilho Credited to rotilho, cdupuis, and briandealwis cdupuis cdupuis
briandealwis briandealwis
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20337 was published Jul 16, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20281 was published Jun 26, 2025
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
There was a server-side template injection vulnerability in Jira Server and Data Center, in the... Critical Unreviewed
CVE-2019-11581 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database