GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 975
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
1,138 advisories

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the...
Moderate | Unreviewed | CVE-2026-12208 was published Jun 15, 2026

A security vulnerability has been detected in RubyLouvre avalon up to 2.2.10. The impacted...
Moderate | Unreviewed | CVE-2026-12209 was published Jun 15, 2026

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated...
Moderate | Unreviewed | CVE-2026-0414 was published Jun 9, 2026

actual Allows Electron to Run As Node
Moderate | CVE-2026-42890 was published for actual (npm) Jun 8, 2026

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who...
Moderate | Unreviewed | CVE-2026-11157 was published Jun 5, 2026

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
Moderate | Unreviewed | CVE-2026-42396 was published May 21, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of...
Moderate | Unreviewed | CVE-2026-35086 was published May 19, 2026

Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
Moderate | CVE-2026-45719 was published for @budibase/server (npm) May 18, 2026

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote...
Moderate | Unreviewed | CVE-2025-67031 was published May 15, 2026

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method...
Moderate | Unreviewed | CVE-2026-39052 was published May 15, 2026

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a...
Moderate | Unreviewed | CVE-2026-8539 was published May 14, 2026

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim,...
Moderate | Unreviewed | CVE-2025-69443 was published May 14, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7,...
Moderate | Unreviewed | CVE-2025-12669 was published May 14, 2026

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary...
Moderate | Unreviewed | CVE-2025-15463 was published May 13, 2026

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP...
Moderate | Unreviewed | CVE-2026-40129 was published May 12, 2026

Mermaid: Improper sanitization of configuration leads to CSS injection
Moderate | CVE-2026-41159 was published for mermaid (npm) May 11, 2026

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Moderate | CVE-2026-41149 was published for mermaid (npm) May 11, 2026

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Moderate | CVE-2026-41148 was published for mermaid (npm) May 11, 2026

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure...
Moderate | Unreviewed | CVE-2026-31252 was published May 11, 2026

Account users are allowed by default to register templates to be downloaded directly to the...
Moderate | Unreviewed | CVE-2026-25077 was published May 8, 2026

FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
Moderate | CVE-2026-42879 was published for facturascripts/facturascripts (Composer) May 7, 2026

Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who...
Moderate | Unreviewed | CVE-2026-8021 was published May 6, 2026

Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle...
Moderate | Unreviewed | CVE-2026-35255 was published May 6, 2026

H2O-3 is Vulnerable to Code Injection
Moderate | CVE-2026-3960 was published for ai.h2o:h2o-core (Maven) Apr 23, 2026

The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action...
Moderate | Unreviewed | CVE-2026-1509 was published Apr 22, 2026

ProTip! Advisories are also available from the GraphQL API