GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,057 advisories
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
Critical: CVE-2026-26216 was published for Crawl4AI (pip), Jan 16, 2026

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to...
Critical (Unreviewed): CVE-2020-37186 was published, Feb 11, 2026

Langroid has WAF Bypass Leading to RCE in TableChatAgent
Critical: CVE-2026-25481 was published for langroid (pip), Feb 2, 2026

@nyariv/sandboxjs has a Sandbox Escape vulnerability
Critical: CVE-2026-25587 was published for @nyariv/sandboxjs (npm), Feb 5, 2026

An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via...
Critical (Unreviewed): CVE-2025-70073 was published, Feb 5, 2026

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Critical: CVE-2026-23733 was published for @lobehub/chat (npm), Jan 20, 2026

CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical: CVE-2026-25510 was published for ci4-cms-erp/ci4ms (Composer), Feb 2, 2026

SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
Critical: CVE-2026-25142 was published for @nyariv/sandboxjs (npm), Feb 2, 2026

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments
Critical: CVE-2026-25141 was published for @orval/core (npm), Jan 30, 2026

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical (Unreviewed): CVE-2020-37052 was published, Jan 31, 2026

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical (Unreviewed): CVE-2026-1281 was published, Jan 30, 2026

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical (Unreviewed): CVE-2026-1340 was published, Jan 30, 2026

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute...
Critical (Unreviewed): CVE-2025-69517 was published, Jan 28, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical: CVE-2026-23830 was published for @nyariv/sandboxjs (npm), Jan 27, 2026

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser...
Critical (Unreviewed): CVE-2025-69564 was published, Jan 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical (Unreviewed): CVE-2025-67944 was published, Jan 22, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event...
Critical (Unreviewed): CVE-2025-68015 was published, Jan 22, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233...
Critical (Unreviewed): CVE-2026-24871 was published, Jan 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console...
Critical (Unreviewed): CVE-2024-50498 was published, Oct 28, 2024

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical (Unreviewed): CVE-2026-0768 was published, Jan 23, 2026

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution...
Critical (Unreviewed): CVE-2026-0761 was published, Jan 23, 2026

Salesforce Uni2TS has a Code Injection vulnerability
Critical: CVE-2026-22584 was published for uni2ts (pip), Jan 10, 2026

ipTIME routers A2003NS-MU 10.00.6 to 12.16.2, N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07...
Critical (Unreviewed): CVE-2025-55423 was published, Jan 20, 2026