Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. Critical Unreviewed
CVE-2026-40959 was published Apr 16, 2026
PraisonAI Vulnerable Untrusted Remote Template Code Execution Critical
CVE-2026-40154 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was... Critical Unreviewed
CVE-2025-70046 was published Mar 9, 2026
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview... Critical Unreviewed
CVE-2026-1699 was published Jan 30, 2026
UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation Critical
CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026
chudyPB Credited to chudyPB
FASTJSON Includes Functionality from Untrusted Control Sphere Critical
CVE-2025-70974 was published for com.alibaba:fastjson (Maven) Jan 9, 2026
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook Critical
CVE-2025-65964 was published for n8n (npm) Dec 8, 2025
Malayke Credited to Malayke
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a... Critical Unreviewed
CVE-2025-32463 was published Jun 30, 2025
@nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests Critical
CVE-2025-36852 was published for @nx/azure-cache (npm) Jun 10, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27668 was published Mar 5, 2025
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an... Critical Unreviewed
CVE-2025-0982 was published Feb 6, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-49649 was published Jan 7, 2025
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an... Critical Unreviewed
CVE-2024-9537 was published Oct 18, 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information... Critical Unreviewed
CVE-2024-38476 was published Jul 1, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-35629 was published Jun 4, 2024
Ray has arbitrary code execution via jobs submission API Critical
CVE-2023-48022 was published for ray (pip) Nov 28, 2023
JLLeitschuh Credited to JLLeitschuh
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed
CVE-2023-45798 was published Oct 30, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2023-4488 was published Oct 20, 2023
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed
CVE-2022-24119 was published Dec 26, 2022
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and... Critical Unreviewed
CVE-2020-16152 was published May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of... Critical Unreviewed
CVE-2021-21804 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in... Critical Unreviewed
CVE-2020-4561 was published May 24, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated... Critical Unreviewed
CVE-2018-15486 was published May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to... Critical Unreviewed
CVE-2017-5397 was published May 13, 2022
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and... Critical Unreviewed
CVE-2017-1376 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database