GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
114 advisories

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical | CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) | May 27, 2026

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an...
High | Unreviewed | CVE-2026-48962 was published | May 27, 2026

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04)...
High | Unreviewed | CVE-2026-31254 was published | May 11, 2026

Angular Expressions - Remote Code Execution using filters
Critical | CVE-2026-44643 was published for angular-expressions (npm) | May 11, 2026

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code...
Critical | Unreviewed | CVE-2026-44128 was published | May 8, 2026

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
High | CVE-2026-42079 was published for pptagent (pip) | May 5, 2026

verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
Low | CVE-2026-6878 was published for verl (pip) | Apr 23, 2026

An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions...
Moderate | Unreviewed | CVE-2026-4837 was published | Apr 8, 2026

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution...
High | Unreviewed | CVE-2026-22666 was published | Apr 7, 2026

Agno is vulnerable to Eval Injection
Critical | CVE-2026-35002 was published for agno (pip) | Apr 2, 2026

TorchGeo Remote Code Execution Vulnerability
High | CVE-2024-49048 was published for torchgeo (pip) | Apr 1, 2026

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe...
Critical | Unreviewed | CVE-2026-4851 was published | Mar 29, 2026

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code...
Critical | Unreviewed | CVE-2026-4001 was published | Mar 24, 2026

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Critical | CVE-2026-33017 was published for langflow (pip) | Mar 17, 2026

Affected devices do not properly sanitize contents of trace files. This could allow an attacker...
Critical | Unreviewed | CVE-2025-40943 was published | Mar 10, 2026

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
High | CVE-2026-29091 was published for locutus (npm) | Mar 4, 2026

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
Critical | CVE-2026-28370 was published for vitrage (pip) | Feb 27, 2026

n8n has Unauthenticated Expression Evaluation via Form Node
Critical | CVE-2026-27493 was published for n8n (npm) | Feb 25, 2026

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
Critical | CVE-2026-27702 was published for budibase (npm) | Feb 25, 2026

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for...
Moderate | Unreviewed | CVE-2025-15551 was published | Feb 5, 2026

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()'...
High | Unreviewed | CVE-2020-37137 was published | Feb 5, 2026

n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
Critical | CVE-2026-1470 was published for n8n (npm) | Jan 27, 2026

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0769 was published | Jan 23, 2026

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Moderate | CVE-2026-23885 was published for alchemy_cms (RubyGems) | Jan 21, 2026

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor...
High | Unreviewed | CVE-2026-0863 was published | Jan 18, 2026