Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

422 advisories

Loading
Koa has Host Header Injection via ctx.hostname High
CVE-2026-27959 was published for koa (npm) Feb 26, 2026
p80n-sec Credited to p80n-sec
Storybook Dev Server is Vulnerable to WebSocket Hijacking High
CVE-2026-27148 was published for storybook (npm) Feb 26, 2026
Aikido-Security Credited to Aikido-Security, reindaelman, grumpinout1, and JorianWoltjer reindaelman reindaelman
grumpinout1 grumpinout1 JorianWoltjer JorianWoltjer
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution High
CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026
dpp Credited to dpp
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint High
CVE-2026-27194 was published for dtale (pip) Feb 19, 2026
eBay API MCP Server Affected by Environment Variable Injection High
CVE-2026-27203 was published for ebay-mcp (npm) Feb 19, 2026
nedlir Credited to nedlir
RediSearch Query Injection in @langchain/langgraph-checkpoint-redis Moderate
CVE-2026-27022 was published for @langchain/langgraph-checkpoint-redis (npm) Feb 18, 2026
yardenporat353 Credited to yardenporat353 and hntrl hntrl hntrl
OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions Low
CVE-2026-24764 was published for openclaw (npm) Feb 17, 2026
KonstantinMirin Credited to KonstantinMirin
ImapEngine affected by command injection via the ID command parameters Moderate
CVE-2026-2469 was published for directorytree/imapengine (Composer) Feb 14, 2026
xcode-mcp-server vulnerable to Command Injection Low
CVE-2026-2178 was published for xcode-mcp-server (npm) Feb 8, 2026
mcp-maigret vulnerable to command injection Moderate
CVE-2026-2130 was published for mcp-maigret (npm) Feb 8, 2026
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses Critical
CVE-2026-25641 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
cristianstaicu Credited to cristianstaicu
@nyariv/sandboxjs has a Sandbox Escape vulnerability Critical
CVE-2026-25587 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution Critical
CVE-2026-25586 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
sofianeelhor Credited to sofianeelhor
@nyariv/sandboxjs has a Sandbox Escape issue Critical
CVE-2026-25520 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
c0rydoras Credited to c0rydoras
jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation) Moderate
CVE-2026-24043 was published for jspdf (npm) Feb 2, 2026
KarimTantawey Credited to KarimTantawey
risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability Moderate
CVE-2026-1050 was published for net.risesoft:risenet-y9boot-support-platform-service (Maven) Jan 17, 2026
Active Job - Object injection security vulnerability Moderate
GHSA-mpwp-4h2m-765c was published for activejob (RubyGems) Jan 16, 2026
Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling Moderate
GHSA-595p-g7xc-c333 was published for algolia/algoliasearch-magento-2 (Composer) Jan 14, 2026
IvanChepurnyi Credited to IvanChepurnyi
Apache Camel camel-neo4j component is vulnerable to cypher injection Moderate
CVE-2025-66169 was published for org.apache.camel:camel-neo4j (Maven) Jan 14, 2026
Quill is vulnerable to XSS via HTML export feature Low
CVE-2025-15056 was published for quill (npm) Jan 13, 2026
records-mover Injection vulnerability Moderate
CVE-2023-7333 was published for records-mover (pip) Jan 8, 2026
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
cs278 Credited to cs278
snail-job is vulnerable to Code Injection through QLExpressEngine.doEval function Moderate
CVE-2025-14674 was published for com.aizuda:snail-job (Maven) Dec 14, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes Credited to Jean-Eudes
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec Credited to odaysec
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database