GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,722 advisories
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1...
High | Unreviewed | CVE-2024-42845 was published | Aug 23, 2024

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
High | CVE-2026-26056 was published for github.com/yokecd/yoke (Go) | Feb 12, 2026

ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that...
High | Unreviewed | CVE-2020-37167 was published | Feb 13, 2026

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute...
High | Unreviewed | CVE-2025-63421 was published | Feb 12, 2026

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
High | CVE-2026-1615 was published for jsonpath (npm) | Feb 9, 2026

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code...
High | Unreviewed | CVE-2026-0969 was published | Feb 12, 2026

FUXA allows Remote Code Execution (RCE) via the project import functionality.
High | CVE-2025-69983 was published for fuxa-server (npm) | Feb 3, 2026

CWE-94: Improper Control of Generation of Code vulnerability exists that could cause execution of...
High | Unreviewed | CVE-2026-1226 was published | Feb 11, 2026

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2026-1560 was published | Feb 11, 2026

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all...
High | Unreviewed | CVE-2025-14541 was published | Feb 11, 2026

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
High | CVE-2025-67750 was published for lightning-flow-scanner (npm) | Dec 12, 2025

'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
High | Unreviewed | CVE-2025-64676 was published | Dec 19, 2025

Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows...
High | Unreviewed | CVE-2026-21537 was published | Feb 10, 2026

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor...
High | Unreviewed | CVE-2026-0863 was published | Jan 18, 2026

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()'...
High | Unreviewed | CVE-2020-37137 was published | Feb 5, 2026

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the...
High | Unreviewed | CVE-2025-61732 was published | Feb 5, 2026

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious...
High | Unreviewed | CVE-2025-41717 was published | Jan 13, 2026

Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
High | CVE-2026-24887 was published for @anthropic-ai/claude-code (npm) | Feb 3, 2026

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data...
High | Unreviewed | CVE-2026-24149 was published | Feb 3, 2026

@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
High | CVE-2026-25153 was published for @backstage/plugin-techdocs-node (npm) | Feb 2, 2026

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
High | CVE-2025-62348 was published for salt (pip) | Jan 30, 2026

AutoGPT is Vulnerable to RCE via Disabled Block Execution
High | CVE-2026-24780 was published for agpt (pip) | Jan 29, 2026

PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
High | CVE-2026-24747 was published for pytorch (pip) | Jan 27, 2026

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution...
High | Unreviewed | CVE-2022-50898 was published | Jan 14, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver...
High | Unreviewed | CVE-2025-69319 was published | Jan 22, 2026