Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

931 advisories

Loading
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker Critical
CVE-2026-3059 was published for sglang (pip) Mar 12, 2026
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module Critical
CVE-2026-3060 was published for sglang (pip) Mar 12, 2026
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to... Critical Unreviewed
CVE-2025-56422 was published Mar 10, 2026
SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads... Critical Unreviewed
CVE-2026-27685 was published Mar 10, 2026
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2026-2599 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object... Critical Unreviewed
CVE-2026-28074 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object... Critical Unreviewed
CVE-2026-28105 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object... Critical Unreviewed
CVE-2026-27439 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object... Critical Unreviewed
CVE-2026-27438 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows... Critical Unreviewed
CVE-2026-27417 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows... Critical Unreviewed
CVE-2026-27437 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object... Critical Unreviewed
CVE-2026-22497 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object... Critical Unreviewed
CVE-2026-22501 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre... Critical Unreviewed
CVE-2026-22474 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object... Critical Unreviewed
CVE-2026-22475 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object... Critical Unreviewed
CVE-2026-22454 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows... Critical Unreviewed
CVE-2026-22451 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object... Critical Unreviewed
CVE-2026-22453 was published Mar 5, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object... Critical Unreviewed
CVE-2025-54001 was published Mar 5, 2026
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Critical Unreviewed
CVE-2026-20131 was published Mar 4, 2026
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , ... Critical Unreviewed
CVE-2025-57622 was published Mar 3, 2026
Qwik vulnerable to Unauthenticated RCE via server$ Deserialization Critical
CVE-2026-27971 was published for @builder.io/qwik (npm) Mar 2, 2026
sebastianosrt Credited to sebastianosrt
U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing... Critical Unreviewed
CVE-2026-3422 was published Mar 2, 2026
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET... Critical Unreviewed
CVE-2026-26222 was published Feb 24, 2026
Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows... Critical Unreviewed
CVE-2025-69404 was published Feb 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database