Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,630
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,850
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

5,137 advisories

Loading
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets... High Unreviewed
CVE-2026-2052 was published May 2, 2026
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary... High Unreviewed
CVE-2026-6543 was published May 1, 2026
i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes Moderate
CVE-2026-41692 was published for i18nextify (npm) Apr 22, 2026
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary... High Unreviewed
CVE-2026-36340 was published Apr 30, 2026
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter... Critical Unreviewed
CVE-2026-38992 was published Apr 29, 2026
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit... High Unreviewed
CVE-2026-34965 was published Apr 29, 2026
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute... High Unreviewed
CVE-2026-7466 was published Apr 29, 2026
n8n has a Python Task Runner Sandbox Escape Vulnerability High
CVE-2026-42234 was published for n8n (npm) Apr 29, 2026
dorjoos Credited to dorjoos
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file... Critical Unreviewed
CVE-2026-5760 was published Apr 20, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced... Critical Unreviewed
CVE-2024-31266 was published Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti... Critical Unreviewed
CVE-2024-22144 was published Apr 25, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance... Critical Unreviewed
CVE-2024-31390 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL.... Critical Unreviewed
CVE-2024-24707 was published Apr 3, 2024
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode... Critical Unreviewed
CVE-2023-47840 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr... Critical Unreviewed
CVE-2023-25054 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra... Critical Unreviewed
CVE-2023-49830 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter... Critical Unreviewed
CVE-2023-45751 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This... Critical Unreviewed
CVE-2023-46623 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D... Critical Unreviewed
CVE-2023-51420 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements... Critical Unreviewed
CVE-2023-39157 was published Dec 31, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress... Critical Unreviewed
CVE-2023-40606 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet... High Unreviewed
CVE-2023-22677 was published Dec 29, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename... Critical Unreviewed
CVE-2023-32095 was published Dec 29, 2023
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer... Critical Unreviewed
CVE-2026-27760 was published Apr 28, 2026
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object... High Unreviewed
CVE-2026-40967 was published Apr 28, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database