Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

124 advisories

Loading
@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection') Moderate
CVE-2026-35515 was published for @nestjs/core (npm) Apr 6, 2026
aleister1102 Credited to aleister1102
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows Moderate
CVE-2026-34773 was published for electron (npm) Apr 3, 2026
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest Moderate
CVE-2026-34767 was published for electron (npm) Apr 3, 2026
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass Moderate
CVE-2026-32695 was published for github.com/traefik/traefik/v2 (Go) Mar 27, 2026
b-hermes Credited to b-hermes
Rails Active Storage has possible glob injection in its DiskService Moderate
CVE-2026-33202 was published for activestorage (RubyGems) Mar 23, 2026
h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix) Moderate
GHSA-4hxc-9384-m385 was published for h3 (npm) Mar 20, 2026
offset Credited to offset
Vanna has a SQL injection in the remove_training_data function Moderate
CVE-2026-4229 was published for vanna (pip) Mar 16, 2026
Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth) Moderate
GHSA-wgx8-r9vw-2w4h was published for openclaw (npm) Mar 12, 2026 withdrawn
Tornado has incomplete validation of cookie attributes Moderate
GHSA-78cv-mqj4-43f7 was published for tornado (pip) Mar 11, 2026
DHIRAL2908 Credited to DHIRAL2908
Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values Moderate
CVE-2026-29777 was published for github.com/traefik/traefik (Go) Mar 11, 2026
1seal Credited to 1seal
Caddy's vars_regexp double-expands user input, leaking env vars and files Moderate
CVE-2026-30852 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp (Go) Mar 6, 2026
sammiee5311 Credited to sammiee5311
@perfood/couch-auth has a host header injection vulnerability Moderate
CVE-2025-70948 was published for @perfood/couch-auth (npm) Mar 5, 2026
Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE() Moderate
CVE-2026-29085 was published for hono (npm) Mar 4, 2026
TarPeg007 Credited to TarPeg007
MCP NMAP Server has an Injection vulnerability Moderate
CVE-2026-3484 was published for mcp-nmap-server (npm) Mar 3, 2026
RediSearch Query Injection in @langchain/langgraph-checkpoint-redis Moderate
CVE-2026-27022 was published for @langchain/langgraph-checkpoint-redis (npm) Feb 18, 2026
yardenporat353 Credited to yardenporat353 and hntrl hntrl hntrl
ImapEngine affected by command injection via the ID command parameters Moderate
CVE-2026-2469 was published for directorytree/imapengine (Composer) Feb 14, 2026
mcp-maigret vulnerable to command injection Moderate
CVE-2026-2130 was published for mcp-maigret (npm) Feb 8, 2026
jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation) Moderate
CVE-2026-24043 was published for jspdf (npm) Feb 2, 2026
KarimTantawey Credited to KarimTantawey
risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability Moderate
CVE-2026-1050 was published for net.risesoft:risenet-y9boot-support-platform-service (Maven) Jan 17, 2026
Active Job - Object injection security vulnerability Moderate
GHSA-mpwp-4h2m-765c was published for activejob (RubyGems) Jan 16, 2026
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling Moderate
GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) Jan 14, 2026
IvanChepurnyi Credited to IvanChepurnyi
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
records-mover Injection vulnerability Moderate
CVE-2023-7333 was published for records-mover (pip) Jan 8, 2026
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function Moderate
CVE-2025-14674 was published for com.aizuda:snail-job (Maven) Dec 14, 2025
Jenkins has a log message injection vulnerability Moderate
CVE-2025-59476 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database