GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,426
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,670
Pub: 13
RubyGems: 1,029
Rust: 1,212
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
4,218 advisories
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &...
Moderate | Unreviewed | CVE-2026-3309 was published Apr 4, 2026

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file,...
High | Unreviewed | CVE-2026-1540 was published Apr 2, 2026

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup...
Critical | Unreviewed | CVE-2026-30643 was published Apr 1, 2026

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character...
Critical | Unreviewed | CVE-2024-40489 was published Apr 1, 2026

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection...
Critical | Unreviewed | CVE-2026-29014 was published Apr 1, 2026

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode...
High | Unreviewed | CVE-2026-35093 was published Apr 1, 2026

XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose...
High | Unreviewed | CVE-2025-71281 was published Apr 1, 2026

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but...
High | Unreviewed | CVE-2026-35056 was published Apr 1, 2026

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code...
Critical | Unreviewed | CVE-2026-3300 was published Mar 31, 2026

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template...
Critical | Unreviewed | CVE-2026-4257 was published Mar 31, 2026

Roo Code's command auto-approval module contains a critical OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-30307 was published Mar 30, 2026

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
Critical | Unreviewed | CVE-2026-30313 was published Mar 30, 2026

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe...
Critical | Unreviewed | CVE-2026-30306 was published Mar 30, 2026

In its design for automatic terminal command execution, HAI Build Code Generator offers two...
Critical | Unreviewed | CVE-2026-30308 was published Mar 30, 2026

Syntx's command auto-approval module contains a critical OS command injection vulnerability that...
Critical | Unreviewed | CVE-2026-30305 was published Mar 30, 2026

CrewAI does not properly check that Docker is still running during runtime, and will fall back to...
Critical | Unreviewed | CVE-2026-2287 was published Mar 30, 2026

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function...
Moderate | Unreviewed | CVE-2026-4965 was published Mar 27, 2026

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection...
High | Unreviewed | CVE-2025-15616 was published Mar 27, 2026

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote...
Critical | Unreviewed | CVE-2026-27876 was published Mar 27, 2026

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is...
High | Unreviewed | CVE-2026-32669 was published Mar 27, 2026

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to...
Critical | Unreviewed | CVE-2026-30457 was published Mar 26, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical | Unreviewed | CVE-2026-32573 was published Mar 25, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters...
Critical | Unreviewed | CVE-2026-32525 was published Mar 25, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll...
Critical | Unreviewed | CVE-2026-27044 was published Mar 25, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart...
Critical | Unreviewed | CVE-2026-25447 was published Mar 25, 2026

ProTip! Advisories are also available from the GraphQL API.