Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

30,395 advisories

Loading
This vulnerability in Veeam Service Provider Console allows for remote code execution. Critical Unreviewed
CVE-2026-32998 was published May 28, 2026
Insufficient character filtering in backup agent signing module on Comet Backup server allows... Critical Unreviewed
CVE-2026-32999 was published May 28, 2026
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated... Critical Unreviewed
CVE-2026-7374 was published May 26, 2026
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in... Critical Unreviewed
CVE-2026-5121 was published Mar 30, 2026
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase,... Critical Unreviewed
CVE-2026-9739 was published May 28, 2026
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection Critical
CVE-2026-46621 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
superpegaso2703 Credited to superpegaso2703
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override Critical
CVE-2026-46562 was published for org.yamcs:yamcs-core (Maven) May 27, 2026
2BCEB1 Credited to 2BCEB1
imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module Critical
CVE-2026-31235 was published for imgaug (pip) May 12, 2026
llm CLI tool contains a code injection vulnerability via `--functions` command-line argument Critical
CVE-2026-31236 was published for llm (pip) May 12, 2026
Ludwig framework is vulnerable to insecure deserialization through its predict() method. Critical
CVE-2026-31237 was published for ludwig (pip) May 12, 2026
Ludwig framework is vulnerable to insecure deserialization in its model serving component Critical
CVE-2026-31238 was published for ludwig (pip) May 12, 2026
mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub Critical
CVE-2026-31239 was published for mamba-ssm (pip) May 12, 2026
Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism Critical
CVE-2026-31233 was published for guardrails-ai (pip) May 12, 2026
Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component Critical
CVE-2026-31234 was published for horovod (pip) May 12, 2026
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets... Critical Unreviewed
CVE-2026-42496 was published May 26, 2026
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with... Critical Unreviewed
CVE-2026-8376 was published May 26, 2026
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP... Critical Unreviewed
CVE-2026-8364 was published May 27, 2026
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long... Critical Unreviewed
CVE-2026-8363 was published May 27, 2026
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long... Critical Unreviewed
CVE-2026-8362 was published May 27, 2026
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH... Critical Unreviewed
CVE-2026-48691 was published May 26, 2026
Langroid has Prompt to SQL Injection, Leading to RCE Critical
CVE-2026-25879 was published for langroid (pip) May 27, 2026
Ka7arotto Credited to Ka7arotto
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file... Critical Unreviewed
CVE-2026-8450 was published May 27, 2026
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS... Critical Unreviewed
CVE-2026-9560 was published May 26, 2026
LiquidJS is Vulnerable to Remote Code Execution Critical
CVE-2026-45618 was published for liquidjs (npm) May 27, 2026
c0rydoras Credited to c0rydoras
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the... Critical Unreviewed
CVE-2026-48687 was published May 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database