GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 41
GitHub Actions: 42
Go: 3,129
Maven: 5,000+
npm: 5,000+
NuGet: 830
pip: 4,436
Pub: 12
RubyGems: 988
Rust: 1,172
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+
4,962 advisories
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could...
High | Unreviewed | CVE-2026-2273 was published Mar 10, 2026

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface
Critical | CVE-2026-30960 was published for rssn (Rust) Mar 10, 2026

AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs
High | GHSA-93fx-5qgc-wr38 was published for azuracast/azuracast (Composer) Mar 9, 2026

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
High | Unreviewed | CVE-2026-3352 was published Mar 7, 2026

OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
Critical | CVE-2026-30887 was published for @oneuptime/common (npm) Mar 7, 2026

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress...
Moderate | Unreviewed | CVE-2026-2830 was published Mar 6, 2026

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to...
High | Unreviewed | CVE-2025-70995 was published Mar 5, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine...
High | Unreviewed | CVE-2026-28134 was published Mar 5, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget...
Critical | Unreviewed | CVE-2026-27984 was published Mar 5, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall...
Critical | Unreviewed | CVE-2026-22390 was published Mar 5, 2026

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()
High | CVE-2026-29039 was published for changedetection.io (pip) Mar 4, 2026

A vulnerability has been identified in a standardized wireless roaming protocol that could enable...
Moderate | Unreviewed | CVE-2026-23808 was published Mar 4, 2026

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to...
High | Unreviewed | CVE-2025-70341 was published Mar 4, 2026

OpenClaw hook transform path containment missed symlink-resolved escapes
High | GHSA-659f-22xc-98f2 was published for openclaw (npm) Mar 3, 2026

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated...
High | Unreviewed | CVE-2024-55022 was published Mar 3, 2026

Craft CMS has Twig Function Blocklist Bypass
Moderate | CVE-2026-28783 was published for craftcms/cms (Composer) Mar 3, 2026

Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
Moderate | CVE-2026-28695 was published for craftcms/cms (Composer) Mar 3, 2026

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a...
Low | Unreviewed | CVE-2023-31044 was published Mar 3, 2026

Apache Ranger has a Code Injection vulnerability
Critical | CVE-2025-59059 was published for org.apache.ranger:ranger-plugins-common (Maven) Mar 3, 2026

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2026-3132 was published Mar 2, 2026

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The...
Critical | Unreviewed | CVE-2026-24105 was published Mar 2, 2026

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution...
High | Unreviewed | CVE-2026-26699 was published Mar 2, 2026

An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2026-26720 was published Mar 2, 2026

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of ...
Critical | Unreviewed | CVE-2026-24107 was published Mar 2, 2026

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file...
Moderate | Unreviewed | CVE-2026-3395 was published Mar 1, 2026
ProTip! Advisories are also available from the GraphQL API