GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

32 advisories

MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an...
Critical | Unreviewed | CVE-2026-56447 was published Jun 22, 2026

PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
Critical | CVE-2026-44336 was published for PraisonAI (pip) May 11, 2026

Electerm users can run dangerous code through link or command line
Critical | CVE-2026-43944 was published for electerm (npm) May 8, 2026

Electerm runWidget has a path traversal that leads to arbitrary code execution
Critical | CVE-2026-43940 was published for electerm (npm) May 8, 2026

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Critical | Unreviewed | CVE-2026-40959 was published Apr 16, 2026

PraisonAI Vulnerable Untrusted Remote Template Code Execution
Critical | CVE-2026-40154 was published for PraisonAI (pip) Apr 10, 2026

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was...
Critical | Unreviewed | CVE-2025-70046 was published Mar 9, 2026

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview...
Critical | Unreviewed | CVE-2026-1699 was published Jan 30, 2026

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical | CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026

FASTJSON Includes Functionality from Untrusted Control Sphere
Critical | CVE-2025-70974 was published for com.alibaba:fastjson (Maven) Jan 9, 2026

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Critical | CVE-2025-65964 was published for n8n (npm) Dec 8, 2025

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a...
Critical | Unreviewed | CVE-2025-32463 was published Jun 30, 2025

@nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests
Critical | CVE-2025-36852 was published for @nx/azure-cache (npm) Jun 10, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27668 was published Mar 5, 2025

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an...
Critical | Unreviewed | CVE-2025-0982 was published Feb 6, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2024-49649 was published Jan 7, 2025

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an...
Critical | Unreviewed | CVE-2024-9537 was published Oct 18, 2024

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information...
Critical | Unreviewed | CVE-2024-38476 was published Jul 1, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Critical | Unreviewed | CVE-2024-35629 was published Jun 4, 2024

Ray has arbitrary code execution via jobs submission API
Critical | CVE-2023-48022 was published for ray (pip) Nov 28, 2023

In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation...
Critical | Unreviewed | CVE-2023-45798 was published Oct 30, 2023

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical | Unreviewed | CVE-2023-4488 was published Oct 20, 2023

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated...
Critical | Unreviewed | CVE-2022-24119 was published Dec 26, 2022

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and...
Critical | Unreviewed | CVE-2020-16152 was published May 24, 2022

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of...
Critical | Unreviewed | CVE-2021-21804 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.