GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 975
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+

5,307 advisories

Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
Critical | Unreviewed | CVE-2026-48836 was published Jun 15, 2026

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Critical | Unreviewed | CVE-2026-39465 was published Jun 15, 2026

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
High | CVE-2026-54271 was published for protobufjs-cli (npm) Jun 15, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas...
Critical | Unreviewed | CVE-2026-52704 was published Jun 15, 2026

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring...
High | Unreviewed | CVE-2026-11860 was published Jun 15, 2026

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the...
Moderate | Unreviewed | CVE-2026-12208 was published Jun 15, 2026

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted...
Moderate | Unreviewed | CVE-2026-12209 was published Jun 15, 2026

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows...
Critical | Unreviewed | CVE-2026-45833 was published Jun 12, 2026

OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
High | CVE-2026-48054 was published for @openzeppelin/wizard (npm) Jun 11, 2026

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing
High | CVE-2026-47781 was published for pdm (pip) Jun 11, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a...
Unknown | Unreviewed | CVE-2026-50223 was published Jun 11, 2026

PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Critical | CVE-2026-8467 was published for phoenix_storybook (Erlang) Jun 9, 2026

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an...
High | Unreviewed | CVE-2026-47292 was published Jun 9, 2026

Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an...
High | Unreviewed | CVE-2026-45583 was published Jun 9, 2026

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated...
Moderate | Unreviewed | CVE-2026-0414 was published Jun 9, 2026

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that...
Critical | Unreviewed | CVE-2017-20251 was published Jun 9, 2026

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote...
High | Unreviewed | CVE-2026-11688 was published Jun 9, 2026

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
High | CVE-2026-47722 was published for github.com/juev/nebula-mesh (Go) Jun 8, 2026

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
Critical | CVE-2026-47252 was published for github.com/julien040/anyquery/plugins/brave (Go) Jun 8, 2026

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability...
High | Unreviewed | CVE-2026-25856 was published Jun 8, 2026

actual Allows Electron to Run As Node
Moderate | CVE-2026-42890 was published for actual (npm) Jun 8, 2026

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(),...
High | Unreviewed | CVE-2026-49493 was published Jun 5, 2026

DbGate: Remote Code Execution via functionName injection in loadReader endpoint
High | CVE-2026-48017 was published for dbgate-api (npm) Jun 5, 2026

DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Critical | CVE-2026-47668 was published for dbgate-serve (npm) Jun 5, 2026

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53...
High | Unreviewed | CVE-2026-11231 was published Jun 5, 2026

ProTip! Advisories are also available from the GraphQL API