Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Agno is vulnerable to Eval Injection Critical
CVE-2026-35002 was published for agno (pip) Apr 2, 2026
TorchGeo Remote Code Execution Vulnerability High
CVE-2024-49048 was published for torchgeo (pip) Apr 1, 2026
zpbrent Credited to zpbrent, calebrob6, and adamjstewart calebrob6 calebrob6
adamjstewart adamjstewart
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint Critical
CVE-2026-33017 was published for langflow (pip) Mar 17, 2026
Aviral2642 Credited to Aviral2642, andifilhohub, Jkavia, and srmish-jfrog andifilhohub andifilhohub
Jkavia Jkavia srmish-jfrog srmish-jfrog
locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection High
CVE-2026-29091 was published for locutus (npm) Mar 4, 2026
tomasilluminati Credited to tomasilluminati
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection Critical
CVE-2026-28370 was published for vitrage (pip) Feb 27, 2026
n8n has Unauthenticated Expression Evaluation via Form Node Critical
CVE-2026-27493 was published for n8n (npm) Feb 25, 2026
eilonc-pillar Credited to eilonc-pillar
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) Critical
CVE-2026-27702 was published for budibase (npm) Feb 25, 2026
vicevirus Credited to vicevirus
n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution Critical
CVE-2026-1470 was published for n8n (npm) Jan 27, 2026
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper Moderate
CVE-2026-23885 was published for alchemy_cms (RubyGems) Jan 21, 2026
TheDeepOpc Credited to TheDeepOpc and tvdeyen tvdeyen tvdeyen
openc3-api Vulnerable to Unauthenticated Remote Code Execution Critical
CVE-2025-68271 was published for openc3 (RubyGems) Jan 13, 2026
GhostPowerShell Credited to GhostPowerShell
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection High
CVE-2025-66474 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Dec 10, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events High
CVE-2025-64496 was published for open-webui (npm) Nov 7, 2025
vitalysim Credited to vitalysim
Flowise vulnerable to RCE via Dynamic function constructor injection Critical
CVE-2025-55346 was published for flowise (npm) Oct 6, 2025
assaf-levkovich-jf Credited to assaf-levkovich-jf
XWiki Blog Application: Privilege Escalation (PR) from account through blog content High
CVE-2025-58365 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Sep 8, 2025
OZI-Project/ozi-publish Code Injection vulnerability Moderate
CVE-2025-47271 was published for OZI-Project/publish (GitHub Actions) May 12, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui Remote Code Execution via unescaped translations Critical
CVE-2025-27603 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
XWiki Platform allows remote code execution as guest via SolrSearchMacros request Critical
CVE-2025-24893 was published for org.xwiki.platform:xwiki-platform-search-solr-ui (Maven) Feb 20, 2025
DocsGPT Allows Remote Code Execution Critical
CVE-2025-0868 was published for docsgpt (npm) Feb 20, 2025
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions Critical
CVE-2024-36404 was published for org.geotools.xsd:gt-xsd-core (Maven) Feb 5, 2025
sikeoka Credited to sikeoka and jodygarnett jodygarnett jodygarnett
AgentScope uses `eval` High
CVE-2024-48050 was published for agentscope (pip) Nov 5, 2024
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) Moderate
GHSA-mpcw-3j5p-p99x was published for org.openrefine.dependencies:butterfly (Maven) Oct 24, 2024
LangChain Experimental Eval Injection vulnerability Critical
CVE-2024-46946 was published for langchain-experimental (pip) Sep 19, 2024
Chaosblade vulnerable to OS command execution Critical
CVE-2023-47105 was published for github.com/chaosblade-io/chaosblade (Go) Sep 18, 2024
Guardrails has an arbitrary code execution vulnerability High
CVE-2024-45858 was published for guardrails-ai (pip) Sep 18, 2024
MindsDB Eval Injection vulnerability High
CVE-2024-45851 was published for mindsdb (pip) Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database