GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
121 advisories
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Moderate | CVE-2026-32695 was published for github.com/traefik/traefik/v2 (Go) on Mar 27, 2026

Rails Active Storage has possible glob injection in its DiskService
Moderate | CVE-2026-33202 was published for activestorage (RubyGems) on Mar 23, 2026

h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
Moderate | GHSA-4hxc-9384-m385 was published for h3 (npm) on Mar 20, 2026

Vanna has a SQL injection in the remove_training_data function
Moderate | CVE-2026-4229 was published for vanna (pip) on Mar 16, 2026

Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)
Moderate | GHSA-wgx8-r9vw-2w4h was published for openclaw (npm) on Mar 12, 2026 • withdrawn

Tornado has incomplete validation of cookie attributes
Moderate | GHSA-78cv-mqj4-43f7 was published for tornado (pip) on Mar 11, 2026

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
Moderate | CVE-2026-29777 was published for github.com/traefik/traefik (Go) on Mar 11, 2026

Caddy's vars_regexp double-expands user input, leaking env vars and files
Moderate | CVE-2026-30852 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp (Go) on Mar 6, 2026

@perfood/couch-auth has a host header injection vulnerability
Moderate | CVE-2025-70948 was published for @perfood/couch-auth (npm) on Mar 5, 2026

Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()
Moderate | CVE-2026-29085 was published for hono (npm) on Mar 4, 2026

MCP NMAP Server has an Injection vulnerability
Moderate | CVE-2026-3484 was published for mcp-nmap-server (npm) on Mar 3, 2026

RediSearch Query Injection in @langchain/langgraph-checkpoint-redis
Moderate | CVE-2026-27022 was published for @langchain/langgraph-checkpoint-redis (npm) on Feb 18, 2026

ImapEngine affected by command injection via the ID command parameters
Moderate | CVE-2026-2469 was published for directorytree/imapengine (Composer) on Feb 14, 2026

mcp-maigret vulnerable to command injection
Moderate | CVE-2026-2130 was published for mcp-maigret (npm) on Feb 8, 2026

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)
Moderate | CVE-2026-24043 was published for jspdf (npm) on Feb 2, 2026

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
Moderate | CVE-2026-1050 was published for net.risesoft:risenet-y9boot-support-platform-service (Maven) on Jan 17, 2026

Active Job - Object injection security vulnerability
Moderate | GHSA-mpwp-4h2m-765c was published for activejob (RubyGems) on Jan 16, 2026

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling
Moderate | GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) on Jan 14, 2026

Apache Camel camel-neo4j component is vulnerable to cypher injection
Moderate | CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) on Jan 14, 2026

records-mover Injection vulnerability
Moderate | CVE-2023-7333 was published for records-mover (pip) on Jan 8, 2026

snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function
Moderate | CVE-2025-14674 was published for com.aizuda:snail-job (Maven) on Dec 14, 2025

Jenkins has a log message injection vulnerability
Moderate | CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) on Sep 17, 2025

SimStudioAI: A function in route.ts is vulnerable to Code Injection
Moderate | CVE-2025-10097 was published for simstudio (npm) on Sep 8, 2025

AiondaDotCom mcp-ssh command injection vulnerability in SSH operations
Moderate | CVE-2025-9654 was published for @aiondadotcom/mcp-ssh (npm) on Aug 29, 2025

Character injection in Hubble CLI
Moderate | CVE-2025-48056 was published for github.com/cilium/hubble (Go) on May 21, 2025