Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

2,904 advisories

Loading
OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri High
CVE-2026-48054 was published for @openzeppelin/wizard (npm) Jun 11, 2026
232-323 Credited to 232-323 and knm6777 knm6777 knm6777
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing High
CVE-2026-47781 was published for pdm (pip) Jun 11, 2026
xuemian168 Credited to xuemian168
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an... High Unreviewed
CVE-2026-47292 was published Jun 9, 2026
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an... High Unreviewed
CVE-2026-45583 was published Jun 9, 2026
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote... High Unreviewed
CVE-2026-11688 was published Jun 9, 2026
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml High
CVE-2026-47722 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026
ak2k Credited to ak2k
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability... High Unreviewed
CVE-2026-25856 was published Jun 8, 2026
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(),... High Unreviewed
CVE-2026-49493 was published Jun 5, 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint High
CVE-2026-48017 was published for dbgate-api (npm) Jun 5, 2026
romain-deperne Credited to romain-deperne
Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53... High Unreviewed
CVE-2026-11231 was published Jun 5, 2026
Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to... High Unreviewed
CVE-2026-10928 was published Jun 5, 2026
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler High
CVE-2026-49143 was published for browserstack-runner (npm) Jun 3, 2026
Christbowel Credited to Christbowel
Docling: Unsafe Playwright-based HTML Rendering High
CVE-2026-44016 was published for docling (pip) Jun 3, 2026
brodmart Credited to brodmart
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2026-1829 was published Jun 2, 2026
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 High
CVE-2026-47398 was published for PraisonAI (pip) May 29, 2026
SnailSploit Credited to SnailSploit
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge High
CVE-2026-44495 was published for axios (npm) May 29, 2026
August829 Credited to August829
Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote... High Unreviewed
CVE-2026-9976 was published May 29, 2026
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote... High Unreviewed
CVE-2026-9938 was published May 29, 2026
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI) High
CVE-2026-46439 was published for compliance-trestle (pip) May 28, 2026
l3tchupkt Credited to l3tchupkt
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37712 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37711 was published May 27, 2026
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote... High Unreviewed
CVE-2026-37713 was published May 27, 2026
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions... High Unreviewed
CVE-2026-6169 was published May 27, 2026
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin... High Unreviewed
CVE-2026-8832 was published May 27, 2026
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection High
CVE-2026-43945 was published for @frangoteam/fuxa (npm) May 26, 2026
ud444ng Credited to ud444ng
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database