GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

5,300 advisories

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows...
Critical | Unreviewed | CVE-2026-45833 was published | Jun 12, 2026

OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
High | CVE-2026-48054 was published for @openzeppelin/wizard (npm) | Jun 11, 2026

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
High | CVE-2026-47781 was published for pdm (pip) | Jun 11, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a...
Unknown | Unreviewed | CVE-2026-50223 was published | Jun 11, 2026

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Critical | CVE-2026-8467 was published for phoenix_storybook (Erlang) | Jun 9, 2026

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an...
High | Unreviewed | CVE-2026-47292 was published | Jun 9, 2026

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an...
High | Unreviewed | CVE-2026-45583 was published | Jun 9, 2026

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated...
Moderate | Unreviewed | CVE-2026-0414 was published | Jun 9, 2026

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that...
Critical | Unreviewed | CVE-2017-20251 was published | Jun 9, 2026

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote...
High | Unreviewed | CVE-2026-11688 was published | Jun 9, 2026

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
High | CVE-2026-47722 was published for github.com/juev/nebula-mesh (Go) | Jun 8, 2026

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
Critical | CVE-2026-47252 was published for github.com/julien040/anyquery/plugins/brave (Go) | Jun 8, 2026

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability...
High | Unreviewed | CVE-2026-25856 was published | Jun 8, 2026

actual Allows Electron to Run As Node
Moderate | CVE-2026-42890 was published for actual (npm) | Jun 8, 2026

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(),...
High | Unreviewed | CVE-2026-49493 was published | Jun 5, 2026

DbGate: Remote Code Execution via functionName injection in loadReader endpoint
High | CVE-2026-48017 was published for dbgate-api (npm) | Jun 5, 2026

DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Critical | CVE-2026-47668 was published for dbgate-serve (npm) | Jun 5, 2026

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53...
High | Unreviewed | CVE-2026-11231 was published | Jun 5, 2026

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who...
Moderate | Unreviewed | CVE-2026-11157 was published | Jun 5, 2026

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to...
High | Unreviewed | CVE-2026-10928 was published | Jun 5, 2026

browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
High | CVE-2026-49143 was published for browserstack-runner (npm) | Jun 3, 2026

Docling: Unsafe Playwright-based HTML Rendering
High | CVE-2026-44016 was published for docling (pip) | Jun 3, 2026

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2026-1829 was published | Jun 2, 2026

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter...
Critical | Unreviewed | CVE-2026-47117 was published | Jun 2, 2026

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by...
Critical | Unreviewed | CVE-2026-9311 was published | Jun 1, 2026

ProTip! Advisories are also available from the GraphQL API.