GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 40
Go: 2,974
Maven: 5,000+
npm: 4,621
NuGet: 788
pip: 4,317
Pub: 12
RubyGems: 984
Rust: 1,131
Swift: 49

Unreviewed advisories
All unreviewed: 5,000+
2,722 advisories
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
High, Unreviewed. CVE-2026-20045 was published Jan 21, 2026

vLLM affected by RCE via auto_map dynamic module loading during model initialization
High. CVE-2026-22807 was published for vllm (pip) Jan 21, 2026

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could...
High, Unreviewed. CVE-2025-33233 was published Jan 20, 2026

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor...
High, Unreviewed. CVE-2026-0863 was published Jan 18, 2026

Skipper is vulnerable to arbitrary code execution through lua filters
High. CVE-2026-23742 was published for github.com/zalando/skipper (Go) Jan 16, 2026

Shopware Has Improper Control of Generation of Code in Twig rendered views
High. CVE-2026-23498 was published for shopware/core (Composer) Jan 14, 2026

Wing FTP Server versions 4.3.8 and below contain an authenticated remote code execution...
High, Unreviewed. CVE-2022-50934 was published Jan 14, 2026

4images 1.9 contains a remote command execution vulnerability that allows authenticated...
High, Unreviewed. CVE-2022-50806 was published Jan 14, 2026

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution...
High, Unreviewed. CVE-2022-50898 was published Jan 14, 2026

Envoy Extension Policy lua scripts injection causes arbitrary command execution
High. CVE-2026-22771 was published for github.com/envoyproxy/gateway (Go) Jan 13, 2026

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious...
High, Unreviewed. CVE-2025-41717 was published Jan 13, 2026

pnpm vulnerable to Command Injection via environment variable substitution
High. CVE-2025-69262 was published for pnpm (npm) Jan 7, 2026

An improper control of generation of code vulnerability has been reported to affect Malware...
High, Unreviewed. CVE-2025-11837 was published Jan 2, 2026

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
High. CVE-2025-68619 was published for signalk-server (npm) Jan 2, 2026

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
High. GHSA-46h3-79wf-xr6c was published for picklescan (pip) Dec 30, 2025

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller
High. GHSA-955r-x9j8-7rhh was published for picklescan (pip) Dec 30, 2025

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
High. GHSA-rrxm-2pvv-m66x was published for picklescan (pip) Dec 30, 2025

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code...
High, Unreviewed. CVE-2025-14509 was published Dec 30, 2025

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to,...
High, Unreviewed. CVE-2025-13592 was published Dec 29, 2025

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
High. GHSA-3329-ghmp-jmv5 was published for picklescan (pip) Dec 29, 2025

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
High. GHSA-x843-g5mx-g377 was published for picklescan (pip) Dec 29, 2025

CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content...
High, Unreviewed. CVE-2021-47736 was published Dec 23, 2025

Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution...
High, Unreviewed. CVE-2025-14928 was published Dec 23, 2025

Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability...
High, Unreviewed. CVE-2025-14927 was published Dec 23, 2025

CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in...
High, Unreviewed. CVE-2021-47735 was published Dec 23, 2025
ProTip! Advisories are also available from the GraphQL API.