GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
217 advisories
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes (High)
CVE-2026-55698 was published for pnpm (npm) on Jun 26, 2026.

pnpm: Repository-controlled configDependencies can select a pacquet native install engine (High)
CVE-2026-55697 was published for pnpm (npm) on Jun 26, 2026.

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle (High)
CVE-2026-55487 was published for pnpm (npm) on Jun 26, 2026.

A flaw was found in Yelp. The Gnome user help application allows the help document to execute... (Moderate, Unreviewed)
CVE-2025-3155 was published on Apr 3, 2025.

MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an... (Critical, Unreviewed)
CVE-2026-56447 was published on Jun 22, 2026.

containerd: CRI checkpoint import allows local image tag poisoning (Moderate)
CVE-2026-50195 was published for github.com/containerd/containerd/v2 (Go) on Jun 19, 2026.

[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat (High)
CVE-2026-46580 was published for @theia/ai-chat (npm) on Jun 18, 2026.

[Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions (High)
CVE-2026-44691 was published for @theia/debug (npm) on Jun 18, 2026.

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat (High)
CVE-2026-44688 was published for @theia/ai-chat (npm) on Jun 18, 2026.

Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality... (High, Unreviewed)
CVE-2026-22283 was published on Jun 17, 2026.

Pi Agent: Pi loads project-local extensions without approval (Moderate)
CVE-2026-54325 was published for @earendil-works/pi-coding-agent (npm) on Jun 17, 2026.

When the application executes the JavaScript script embedded in the PDF within the sandbox, it... (High, Unreviewed)
CVE-2026-12057 was published on Jun 15, 2026.

OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere (High)
CVE-2026-43003 was published for ironic-python-agent (pip) on May 1, 2026.

OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL (Moderate)
CVE-2026-22217 was published for openclaw (npm) on Mar 3, 2026.

CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content (Moderate)
CVE-2026-44312 was published for css_parser (RubyGems) on May 7, 2026.

OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere (Moderate)
CVE-2026-42510 was published for ironic (pip) on Apr 28, 2026.

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit)... (High, Unreviewed)
CVE-2026-4255 was published on Mar 16, 2026.

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an... (High, Unreviewed)
CVE-2026-11269 was published on Jun 5, 2026.

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content... (High, Unreviewed)
CVE-2026-8879 was published on Jun 3, 2026.

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0... (High, Unreviewed)
CVE-2026-5241 was published on Jun 3, 2026.

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL... (High, Unreviewed)
CVE-2022-49036 was published on Jun 3, 2026.

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component... (High, Unreviewed)
CVE-2022-49042 was published on Jun 3, 2026.

PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 (High)
CVE-2026-47398 was published for PraisonAI (pip) on May 29, 2026.

yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation (High)
CVE-2026-42089 was published for yeoman-environment (npm) on May 26, 2026.

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which... (High, Unreviewed)
CVE-2026-5843 was published on May 26, 2026.