GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 975
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
5,307 advisories

FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
High | CVE-2026-43945 was published for @frangoteam/fuxa (npm) May 26, 2026

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
Critical | Unreviewed | CVE-2026-8633 was published May 26, 2026

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in...
High | Unreviewed | CVE-2026-8855 was published May 26, 2026

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM...
High | Unreviewed | CVE-2026-9170 was published May 26, 2026

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated...
High | Unreviewed | CVE-2026-42785 was published May 26, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com...
High | Unreviewed | CVE-2026-24937 was published May 26, 2026

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows...
Critical | Unreviewed | CVE-2018-25357 was published May 26, 2026

Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
High | CVE-2026-46640 was published for twig/twig (Composer) May 21, 2026

Twig: PHP code injection via `{% use %}` template name
Critical | CVE-2026-46633 was published for twig/twig (Composer) May 21, 2026

lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
High | CVE-2026-46517 was published for lmdeploy (pip) May 21, 2026

LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
High | CVE-2026-46432 was published for lmdeploy (pip) May 21, 2026

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
Moderate | Unreviewed | CVE-2026-42396 was published May 21, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client...
Critical | Unreviewed | CVE-2026-22314 was published May 20, 2026

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the...
Critical | Unreviewed | CVE-2026-30117 was published May 19, 2026

GlassFish's Administration Console is Vulnerable to RCE
Critical | CVE-2026-2586 was published for org.glassfish.jsftemplating:jsftemplating (Maven) May 19, 2026

ModelScope is vulnerable to arbitrary code injection via a crafted module
High | CVE-2025-51427 was published for modelscope (pip) May 19, 2026

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives...
High | Unreviewed | CVE-2026-46586 was published May 19, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of...
Moderate | Unreviewed | CVE-2026-35086 was published May 19, 2026

ChromaDB Python project has a pre-authentication code injection vulnerability
Critical | CVE-2026-45829 was published for chromadb (pip) May 18, 2026

Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
Moderate | CVE-2026-45719 was published for @budibase/server (npm) May 18, 2026

Formie: Pre-authenticated server-side template injection in Hidden fields
Critical | CVE-2026-45697 was published for verbb/formie (Composer) May 18, 2026

A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as...
High | Unreviewed | CVE-2026-6902 was published May 18, 2026

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability...
Critical | Unreviewed | CVE-2018-25320 was published May 17, 2026

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2021-47952 was published May 16, 2026

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote...
Moderate | Unreviewed | CVE-2025-67031 was published May 15, 2026

ProTip! Advisories are also available from the GraphQL API