GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,833 advisories
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers...
Critical | Unreviewed | CVE-2026-4408 was published May 28, 2026

A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When...
High | Unreviewed | CVE-2026-44604 was published May 28, 2026

Tanium addressed an unauthorized code execution vulnerability in Connect.
High | Unreviewed | CVE-2026-9208 was published May 28, 2026

A highly authenticated attacker can alter the config generator injecting a payload into future...
High | Unreviewed | CVE-2026-40852 was published May 27, 2026

Tanium addressed an unauthorized code execution vulnerability in Connect.
High | Unreviewed | CVE-2026-9207 was published May 27, 2026

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS...
Critical | Unreviewed | CVE-2026-9560 was published May 26, 2026

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in...
High | Unreviewed | CVE-2026-48694 was published May 26, 2026

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the...
High | Unreviewed | CVE-2026-48695 was published May 26, 2026

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the...
Critical | Unreviewed | CVE-2026-48687 was published May 26, 2026

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job...
High | Unreviewed | CVE-2026-4480 was published May 26, 2026

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains...
High | Unreviewed | CVE-2026-8652 was published May 26, 2026

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Critical | CVE-2026-46716 was published for github.com/nezhahq/nezha (Go) May 23, 2026

Snappy: Binary path is never shell-escaped due to an inverted is_executable check
High | CVE-2026-46643 was published for KnpLabs/knp-snappy (Composer) May 21, 2026

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate | CVE-2026-46618 was published for github.com/fission/fission (Go) May 21, 2026

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list...
High | Unreviewed | CVE-2026-45255 was published May 21, 2026

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local...
Moderate | Unreviewed | CVE-2026-44076 was published May 21, 2026

Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the...
Low | Unreviewed | CVE-2026-44072 was published May 21, 2026

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote...
High | Unreviewed | CVE-2026-44055 was published May 21, 2026

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have...
Moderate | Unreviewed | CVE-2026-20206 was published May 20, 2026

Setup PHP: Command Injection in Repository-Derived PHP Version Resolution
Moderate | CVE-2026-46420 was published for shivammathur/setup-php (GitHub Actions) May 20, 2026

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Critical | CVE-2026-46339 was published for 9router (npm) May 19, 2026

Kopia: RCE via SSH ProxyCommand Injection
Critical | CVE-2026-45695 was published for github.com/kopia/kopia (Go) May 19, 2026

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to...
High | Unreviewed | CVE-2026-8603 was published May 19, 2026

A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP...
High | Unreviewed | CVE-2026-36828 was published May 19, 2026

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web...
Moderate | Unreviewed | CVE-2026-36827 was published May 19, 2026