Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,022
Maven
5,000+
npm
4,752
NuGet
824
pip
4,364
Pub
12
RubyGems
987
Rust
1,141
Swift
50
Unreviewed advisories
All unreviewed
5,000+

26,363 advisories

Loading
n8n has Potential Remote Code Execution via Merge Node Critical
CVE-2026-27497 was published for n8n (npm) Feb 25, 2026
allsmog nil340
Credited to allsmog and nil340
n8n has a Sandbox Escape in its JavaScript Task Runner Critical
CVE-2026-27495 was published for n8n (npm) Feb 25, 2026
c0rydoras
Credited to c0rydoras
n8n has Arbitrary File Read via Python Code Node Sandbox Escape High
CVE-2026-27494 was published for n8n (npm) Feb 25, 2026
MarcoPoloPie Nico-Posada
Credited to MarcoPoloPie and Nico-Posada
n8n has Unauthenticated Expression Evaluation via Form Node Critical
CVE-2026-27493 was published for n8n (npm) Feb 25, 2026
eilonc-pillar
Credited to eilonc-pillar
Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute Moderate
CVE-2026-25736 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name Moderate
CVE-2026-25735 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata Moderate
CVE-2026-25734 was published for rucio-webui (pip) Feb 25, 2026
d-woosley
Credited to d-woosley
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting High
CVE-2026-3105 was published for mautic/core (Composer) Feb 25, 2026
q1uf3ng patrykgruszka
Credited to q1uf3ng and patrykgruszka
ImageMagick has a heap Buffer Over-read in its DJVU image format handler Moderate
CVE-2026-27799 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images Moderate
CVE-2026-27798 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613
Credited to ylwango613
hexchat crate has a Use After Free vulnerability High
GHSA-x43w-ph7m-pfjx was published for hexchat (Rust) Feb 25, 2026
CIRCL has an incorrect calculation in secp384r1 CombinedMult Low
CVE-2026-1229 was published for github.com/cloudflare/circl (Go) Feb 25, 2026
ImageMagick: Heap-based Buffer Overflow in GetPixelIndex due to metadata-cache desynchronization Low
GHSA-gq5v-qf8q-fp77 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613
Credited to ylwango613
ImageMagick: Memory Leak in multiple coders that write raw pixel data Low
GHSA-wfx3-6g53-9fgc was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613
Credited to ylwango613
ImageMagick: Memory leak in coders/txt.c without freetype Low
GHSA-3q5f-gmjc-38r8 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
unbengable12
Credited to unbengable12
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c Low
GHSA-xpg8-7m6m-jf56 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
phenggeler
Credited to phenggeler
ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS Low
GHSA-wgxp-q8xq-wpp9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613
Credited to ylwango613
mageMagick has a possible use-after-free write in its PDB decoder Low
GHSA-3j4x-rwrx-xxj9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
zerojackyi
Credited to zerojackyi
ImageMagick has a possible heap Use After Free vulnerability in its meta coder Low
GHSA-2gq3-ww97-wfjm was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613
Credited to ylwango613
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type Low
GHSA-6j87-m5qx-9fqp was published for craftcms/cms (Composer) Feb 25, 2026
mHe4am
Credited to mHe4am
changedetection.io is Vulnerable to SSRF via Watch URLs High
CVE-2026-27696 was published for changedetection.io (pip) Feb 25, 2026
route2shell
Credited to route2shell
changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response Moderate
CVE-2026-27645 was published for changedetection.io (pip) Feb 25, 2026
Akokonunes neo-ai-engineer
Credited to Akokonunes and neo-ai-engineer
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2026-27641 was published for flask-reuploaded (pip) Feb 25, 2026
cjaron03
Credited to cjaron03
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions High
CVE-2026-27610 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
Parse Dashboard is Missing CSRF Protection for its Agent Endpoint High
CVE-2026-27609 was published for parse-dashboard (npm) Feb 25, 2026
mtrezza
Credited to mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database