GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
4,833 advisories

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary...
High | Unreviewed | CVE-2026-4802 was published May 11, 2026

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers...
Critical | Unreviewed | CVE-2026-4408 was published May 28, 2026

A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When...
High | Unreviewed | CVE-2026-44604 was published May 28, 2026

Tanium addressed an unauthorized code execution vulnerability in Connect.
High | Unreviewed | CVE-2026-9208 was published May 28, 2026

GPT-Pilot contains a command injection vulnerability in the Executor.run() method
Moderate | CVE-2026-31246 was published for gpt-pilot (pip) May 11, 2026

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS...
Critical | Unreviewed | CVE-2026-9560 was published May 26, 2026

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in...
High | Unreviewed | CVE-2026-48694 was published May 26, 2026

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the...
Critical | Unreviewed | CVE-2026-48687 was published May 26, 2026

A highly authenticated attacker can alter the config generator injecting a payload into future...
High | Unreviewed | CVE-2026-40852 was published May 27, 2026

Tanium addressed an unauthorized code execution vulnerability in Connect.
High | Unreviewed | CVE-2026-9207 was published May 27, 2026

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the...
High | Unreviewed | CVE-2026-48695 was published May 26, 2026

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job...
High | Unreviewed | CVE-2026-4480 was published May 26, 2026

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
High | Unreviewed | CVE-2022-27224 was published May 10, 2022

An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains...
High | Unreviewed | CVE-2026-8652 was published May 26, 2026

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Critical | CVE-2026-46716 was published for github.com/nezhahq/nezha (Go) May 23, 2026

Snappy: Binary path is never shell-escaped due to an inverted is_executable check
High | CVE-2026-46643 was published for KnpLabs/knp-snappy (Composer) May 21, 2026

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
Moderate | CVE-2026-46618 was published for github.com/fission/fission (Go) May 21, 2026

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to...
High | Unreviewed | CVE-2026-8603 was published May 19, 2026

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list...
High | Unreviewed | CVE-2026-45255 was published May 21, 2026

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local...
Moderate | Unreviewed | CVE-2026-44076 was published May 21, 2026

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote...
High | Unreviewed | CVE-2026-44055 was published May 21, 2026

Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the...
Low | Unreviewed | CVE-2026-44072 was published May 21, 2026

electerm allows unauthorized users to execute arbitrary commands
Critical | CVE-2020-23256 was published for electerm (npm) Jan 20, 2023

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have...
Moderate | Unreviewed | CVE-2026-20206 was published May 20, 2026

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin...
Critical | Unreviewed | CVE-2026-37281 was published May 19, 2026

ProTip! Advisories are also available from the GraphQL API