GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
55 advisories
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical | CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) | May 27, 2026

Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
High | CVE-2026-44174 was published for getkirby/cms (Composer) | May 26, 2026

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
Critical | CVE-2026-8178 was published for com.amazon.redshift:redshift-jdbc42 (Maven) | May 14, 2026

PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
High | CVE-2026-44339 was published for PraisonAI (pip) | May 11, 2026

Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
High | CVE-2026-44011 was published for craftcms/cms (Composer) | May 6, 2026

Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Critical | CVE-2026-42027 was published for org.apache.opennlp:opennlp-tools (Maven) | May 4, 2026

Statamic: Unsafe method invocation via query value resolution allows data destruction
High | CVE-2026-41175 was published for statamic/cms (Composer) | Apr 16, 2026

Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local...
Moderate | Unreviewed | CVE-2018-25239 was published | Apr 4, 2026

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate...
Moderate | Unreviewed | CVE-2026-23923 was published | Mar 24, 2026

Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior
High | CVE-2026-33157 was published for craftcms/cms (Composer) | Mar 24, 2026

Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
High | CVE-2026-32264 was published for craftcms/cms (Composer) | Mar 16, 2026

Craft CMS vulnerable to behavior injection RCE via EntryTypesController
High | CVE-2026-32263 was published for craftcms/cms (Composer) | Mar 16, 2026

Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware
High | GHSA-cwxj-rr6w-m6w7 was published for Scrapy (pip) | Mar 13, 2026

Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High | CVE-2026-25498 was published for craftcms/cms (Composer) | Feb 9, 2026

Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High | CVE-2025-68455 was published for craftcms/cms (Composer) | Jan 5, 2026

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does...
Critical | Unreviewed | CVE-2025-34393 was published | Dec 10, 2025

AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | GHSA-8wj8-cfxr-9374 was published for aws-advanced-nodejs-wrapper (npm) | Nov 13, 2025

AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance
High | GHSA-7wq2-32h4-9hc9 was published for github.com/aws/aws-advanced-go-wrapper/auth-helpers (Go) | Nov 13, 2025

Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) | Nov 13, 2025

AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
High | CVE-2025-12967 was published for aws_advanced_python_wrapper (pip) | Nov 13, 2025

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz...
Critical | Unreviewed | CVE-2025-63690 was published | Nov 7, 2025

Astro's `X-Forwarded-Host` is reflected without validation
Moderate | CVE-2025-61925 was published for astro (npm) | Oct 10, 2025

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability...
Critical | Unreviewed | CVE-2025-53693 was published | Sep 3, 2025

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection...
High | Unreviewed | CVE-2025-3600 was published | May 14, 2025

generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
High | CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) | Apr 4, 2025