GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,413
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,656
Pub: 13
RubyGems: 1,027
Rust: 1,209
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
29,483 advisories
baserCMS has OS command injection vulnerability in installer
Critical
CVE-2026-30880 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS Update Functionality Vulnerable to OS Command Injection
Critical
CVE-2026-30877 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
Critical
CVE-2026-21861 was published for baserproject/basercms (Composer) Mar 31, 2026
The MAVLink communication protocol does not require cryptographic authentication by default....
Critical
Unreviewed
CVE-2026-1579 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows...
Critical
Unreviewed
CVE-2026-30285 was published Mar 31, 2026
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows...
Critical
Unreviewed
CVE-2026-3356 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows...
Critical
Unreviewed
CVE-2026-30278 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77...
Critical
Unreviewed
CVE-2026-30282 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3...
Critical
Unreviewed
CVE-2026-30283 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows...
Critical
Unreviewed
CVE-2026-30286 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers...
Critical
Unreviewed
CVE-2026-30276 was published Mar 31, 2026
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite...
Critical
Unreviewed
CVE-2026-30281 was published Mar 31, 2026
Mflow: Command Injection when serving models with enable_mlserver=True
Critical
CVE-2026-0596 was published for mflow (pip) Mar 31, 2026
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical
Unreviewed
CVE-2026-30311 was published Mar 31, 2026
In its design for automatic terminal command execution, Sixth offers two options: Execute safe...
Critical
Unreviewed
CVE-2026-30310 was published Mar 31, 2026
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical
Unreviewed
CVE-2026-30314 was published Mar 31, 2026
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
Critical
Unreviewed
CVE-2026-30312 was published Mar 31, 2026
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage...
Critical
Unreviewed
CVE-2026-32917 was published Mar 31, 2026
Duplicate Advisory: OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes
Critical
GHSA-phgf-3849-rgjq was published for openclaw (npm) Mar 31, 2026 • withdrawn
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret...
Critical
Unreviewed
CVE-2025-15618 was published Mar 31, 2026
SQL injection (SQLi) vulnerability in Umami Software web application through an improperly...
Critical
Unreviewed
CVE-2026-4317 was published Mar 31, 2026
Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password...
Critical
Unreviewed
CVE-2026-3106 was published Mar 31, 2026
Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password...
Critical
Unreviewed
CVE-2026-3107 was published Mar 31, 2026
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code...
Critical
Unreviewed
CVE-2026-3300 was published Mar 31, 2026
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template...
Critical
Unreviewed
CVE-2026-4257 was published Mar 31, 2026
ProTip! Advisories are also available from the GraphQL API