GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,891 advisories

Apache Avro Java SDK is Vulnerable to Code Injection
Moderate | CVE-2025-33042 was published for org.apache.avro:avro (Maven) | Feb 13, 2026

ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that...
High | Unreviewed | CVE-2020-37167 was published | Feb 13, 2026

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
High | CVE-2026-26056 was published for github.com/yokecd/yoke (Go) | Feb 12, 2026

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute...
High | Unreviewed | CVE-2025-63421 was published | Feb 12, 2026

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code...
High | Unreviewed | CVE-2026-0969 was published | Feb 12, 2026

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help...
Moderate | Unreviewed | CVE-2020-37178 was published | Feb 11, 2026

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2020-37186 was published | Feb 11, 2026

DiskCache has unsafe pickle deserialization
Moderate | CVE-2025-69872 was published for diskcache (pip) | Feb 11, 2026

CWE-94: Improper Control of Generation of Code vulnerability exists that could cause execution of...
High | Unreviewed | CVE-2026-1226 was published | Feb 11, 2026

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2026-1560 was published | Feb 11, 2026

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all...
High | Unreviewed | CVE-2025-14541 was published | Feb 11, 2026

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows...
High | Unreviewed | CVE-2026-21537 was published | Feb 10, 2026

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
High | CVE-2026-1615 was published for jsonpath (npm) | Feb 9, 2026

@nyariv/sandboxjs has a Sandbox Escape vulnerability
Critical | CVE-2026-25587 was published for @nyariv/sandboxjs (npm) | Feb 5, 2026

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2025-70073 was published | Feb 5, 2026

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()'...
High | Unreviewed | CVE-2020-37137 was published | Feb 5, 2026

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the...
High | Unreviewed | CVE-2025-61732 was published | Feb 5, 2026

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data...
High | Unreviewed | CVE-2026-24149 was published | Feb 3, 2026

Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
High | CVE-2026-24887 was published for @anthropic-ai/claude-code (npm) | Feb 3, 2026

FUXA allows Remote Code Execution (RCE) via the project import functionality.
High | CVE-2025-69983 was published for fuxa-server (npm) | Feb 3, 2026

CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical | CVE-2026-25510 was published for ci4-cms-erp/ci4ms (Composer) | Feb 2, 2026

Langroid has WAF Bypass Leading to RCE in TableChatAgent
Critical | CVE-2026-25481 was published for langroid (pip) | Feb 2, 2026

@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
High | CVE-2026-25153 was published for @backstage/plugin-techdocs-node (npm) | Feb 2, 2026

SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
Critical | CVE-2026-25142 was published for @nyariv/sandboxjs (npm) | Feb 2, 2026

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2020-37052 was published | Jan 31, 2026

ProTip! Advisories are also available from the GraphQL API.