GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
1,219 advisories
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Critical
CVE-2026-8467
was published
for
phoenix_storybook
(Erlang)
Jun 9, 2026
Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
Critical
CVE-2026-47252
was published
for
github.com/julien040/anyquery/plugins/brave
(Go)
Jun 8, 2026
DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Critical
CVE-2026-47668
was published
for
dbgate-serve
(npm)
Jun 5, 2026
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Critical
CVE-2026-8838
was published
for
redshift-connector
(pip)
May 29, 2026
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Critical
CVE-2026-46621
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical
CVE-2026-46562
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Langroid has Prompt to SQL Injection, Leading to RCE
Critical
CVE-2026-25879
was published
for
langroid
(pip)
May 27, 2026
LiquidJS is Vulnerable to Remote Code Execution
Critical
CVE-2026-45618
was published
for
liquidjs
(npm)
May 27, 2026
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Critical
CVE-2026-44632
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Formie: Pre-authenticated server-side template injection in Hidden fields
Critical
CVE-2026-45697
was published
for
verbb/formie
(Composer)
May 18, 2026
ProTip!
Advisories are also available from the
GraphQL API