GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
2,911 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced...
High
Unreviewed
CVE-2026-54816 was published Jun 17, 2026
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
High
Unreviewed
CVE-2026-49113 was published Jun 17, 2026
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft ...
High
Unreviewed
CVE-2026-46851 was published Jun 17, 2026
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful...
High
Unreviewed
CVE-2026-24155 was published Jun 16, 2026
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
High
CVE-2026-41523 was published for vllm (pip) Jun 16, 2026
protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
High
CVE-2026-54271 was published for protobufjs-cli (npm) Jun 15, 2026
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring...
High
Unreviewed
CVE-2026-11860 was published Jun 15, 2026
OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
High
CVE-2026-48054 was published for @openzeppelin/wizard (npm) Jun 11, 2026
PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
High
CVE-2026-47781 was published for pdm (pip) Jun 11, 2026
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an...
High
Unreviewed
CVE-2026-47292 was published Jun 9, 2026
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an...
High
Unreviewed
CVE-2026-45583 was published Jun 9, 2026
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote...
High
Unreviewed
CVE-2026-11688 was published Jun 9, 2026
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
High
CVE-2026-47722 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability...
High
Unreviewed
CVE-2026-25856 was published Jun 8, 2026
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(),...
High
Unreviewed
CVE-2026-49493 was published Jun 5, 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
High
CVE-2026-48017 was published for dbgate-api (npm) Jun 5, 2026
Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53...
High
Unreviewed
CVE-2026-11231 was published Jun 5, 2026
Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to...
High
Unreviewed
CVE-2026-10928 was published Jun 5, 2026
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
High
CVE-2026-49143 was published for browserstack-runner (npm) Jun 3, 2026
Docling: Unsafe Playwright-based HTML Rendering
High
CVE-2026-44016 was published for docling (pip) Jun 3, 2026
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
High
Unreviewed
CVE-2026-1829 was published Jun 2, 2026
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
High
CVE-2026-47398 was published for PraisonAI (pip) May 29, 2026
axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge
High
CVE-2026-44495 was published for axios (npm) May 29, 2026
Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote...
High
Unreviewed
CVE-2026-9976 was published May 29, 2026
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote...
High
Unreviewed
CVE-2026-9938 was published May 29, 2026
ProTip! Advisories are also available from the GraphQL API