GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,137 advisories
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets...
High | Unreviewed | CVE-2026-2052 was published May 2, 2026

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary...
High | Unreviewed | CVE-2026-6543 was published May 1, 2026

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary...
High | Unreviewed | CVE-2026-36340 was published Apr 30, 2026

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit...
High | Unreviewed | CVE-2026-34965 was published Apr 29, 2026

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute...
High | Unreviewed | CVE-2026-7466 was published Apr 29, 2026

n8n has a Python Task Runner Sandbox Escape Vulnerability
High | CVE-2026-42234 was published for n8n (npm) Apr 29, 2026

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter...
Critical | Unreviewed | CVE-2026-38992 was published Apr 29, 2026

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer...
Critical | Unreviewed | CVE-2026-27760 was published Apr 28, 2026

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object...
High | Unreviewed | CVE-2026-40967 was published Apr 28, 2026

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE)...
Critical | Unreviewed | CVE-2026-6951 was published Apr 25, 2026

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
High | CVE-2026-41486 was published for ray (pip) Apr 24, 2026

Contour has Lua code injection via Cookie Path Rewrite Policy
High | CVE-2026-41246 was published for github.com/projectcontour/contour (Go) Apr 24, 2026

OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
High | CVE-2026-41900 was published for openlearnx (npm) Apr 23, 2026

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the...
Critical | Unreviewed | CVE-2026-39087 was published Apr 23, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC...
Critical | Unreviewed | CVE-2026-39440 was published Apr 23, 2026

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint ...
Moderate | Unreviewed | CVE-2026-3960 was published Apr 23, 2026

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action...
Moderate | Unreviewed | CVE-2026-1509 was published Apr 22, 2026

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions
Moderate | CVE-2026-41645 was published for github.com/projectdiscovery/nuclei/v3 (Go) Apr 22, 2026

i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes
Moderate | CVE-2026-41692 was published for i18nextify (npm) Apr 22, 2026

An attacker can send a notify request that causes a new secondary domain to be added to the bind...
High | Unreviewed | CVE-2026-33608 was published Apr 22, 2026

Dolibarr Allows Code Injection through its Website Module
High | CVE-2026-31018 was published for dolibarr/dolibarr (Composer) Apr 21, 2026

Spinnaker: RCE via expression parsing due to unrestricted context handling
Critical | CVE-2026-32613 was published for io.spinnaker.echo:echo-pipelinetriggers (Maven) Apr 21, 2026

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where...
Critical | Unreviewed | CVE-2026-39918 was published Apr 20, 2026

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function...
Moderate | Unreviewed | CVE-2026-6652 was published Apr 20, 2026

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file...
Critical | Unreviewed | CVE-2026-5760 was published Apr 20, 2026
ProTip! Advisories are also available from the GraphQL API.