GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
123 advisories
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
High
CVE-2026-55698 was published for pnpm (npm) on Jun 26, 2026
pnpm: Repository-controlled configDependencies can select a pacquet native install engine
High
CVE-2026-55697 was published for pnpm (npm) on Jun 26, 2026
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
High
CVE-2026-55487 was published for pnpm (npm) on Jun 26, 2026
[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions
High
CVE-2026-44691 was published for @theia/debug (npm) on Jun 18, 2026
[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat
High
CVE-2026-46580 was published for @theia/ai-chat (npm) on Jun 18, 2026
[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat
High
CVE-2026-44688 was published for @theia/ai-chat (npm) on Jun 18, 2026
Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality...
High
Unreviewed
CVE-2026-22283 was published on Jun 17, 2026
When the application executes the JavaScript script embedded in the PDF within the sandbox, it...
High
Unreviewed
CVE-2026-12057 was published on Jun 15, 2026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an...
High
Unreviewed
CVE-2026-11269 was published on Jun 5, 2026
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content...
High
Unreviewed
CVE-2026-8879 was published on Jun 3, 2026
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0...
High
Unreviewed
CVE-2026-5241 was published on Jun 3, 2026
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL...
High
Unreviewed
CVE-2022-49036 was published on Jun 3, 2026
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component...
High
Unreviewed
CVE-2022-49042 was published on Jun 3, 2026
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
High
CVE-2026-47398 was published for PraisonAI (pip) on May 29, 2026
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
High
CVE-2026-42089 was published for yeoman-environment (npm) on May 26, 2026
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets...
High
Unreviewed
CVE-2026-5817 was published on May 26, 2026
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which...
High
Unreviewed
CVE-2026-5843 was published on May 26, 2026
OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere
High
CVE-2026-43003 was published for ironic-python-agent (pip) on May 1, 2026
Duplicate Advisory: OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code
High
GHSA-jx3c-247h-cxwp was published for openclaw (npm) on Apr 24, 2026 (withdrawn)
InstructLab Includes Functionality from Untrusted Control Sphere
High
CVE-2026-6859 was published for instructlab (pip) on Apr 22, 2026
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
High
CVE-2026-43569 was published for openclaw (npm) on Apr 17, 2026
OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
High
CVE-2026-43571 was published for openclaw (npm) on Apr 17, 2026
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation...
High
Unreviewed
CVE-2026-6482 was published on Apr 17, 2026
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High
CVE-2026-40156 was published for praisonai (pip) on Apr 10, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
High
Unreviewed
CVE-2026-1342 was published on Apr 8, 2026