GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
5,057 advisories

Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin
High | CVE-2026-32276 was published for opensource-workshop/connect-cms (Composer) | Mar 23, 2026

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews,...
High | Unreviewed | CVE-2025-10679 was published | Mar 23, 2026

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the ...
Moderate | Unreviewed | CVE-2026-4004 was published | Mar 21, 2026

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-13785 was published | Mar 21, 2026

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to,...
Critical | Unreviewed | CVE-2026-3584 was published | Mar 21, 2026

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
High | CVE-2026-33479 was published for wwbn/avideo (Composer) | Mar 20, 2026

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
Critical | Unreviewed | CVE-2024-44722 was published | Mar 20, 2026

OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi...
Critical | Unreviewed | CVE-2025-67113 was published | Mar 19, 2026

An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2026-30694 was published | Mar 19, 2026

Intake has a Command Injection via shell() Expansion in Parameter Defaults
High | CVE-2026-33310 was published for intake (pip) | Mar 19, 2026

Langflow has an Arbitrary File Write (RCE) via v2 API
Critical | CVE-2026-33309 was published for langflow (pip) | Mar 19, 2026

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the...
Critical | Unreviewed | CVE-2026-30402 was published | Mar 19, 2026

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
High | CVE-2026-33154 was published for dynaconf (pip) | Mar 18, 2026

Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py
Critical | CVE-2026-33057 was published for mesop (pip) | Mar 18, 2026

An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2026-29859 was published | Mar 18, 2026

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Critical | CVE-2026-33017 was published for langflow (pip) | Mar 17, 2026

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0,...
High | Unreviewed | CVE-2026-21570 was published | Mar 17, 2026

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2...
Critical | Unreviewed | CVE-2025-69902 was published | Mar 16, 2026

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is...
High | Unreviewed | CVE-2025-50881 was published | Mar 16, 2026

A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of...
Moderate | Unreviewed | CVE-2026-4239 was published | Mar 16, 2026

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release...
High | Unreviewed | CVE-2026-3476 was published | Mar 16, 2026

MLflow has a command injection in mlflow/sagemaker/__init__.py
High | CVE-2025-14287 was published for mlflow (pip) | Mar 16, 2026

"Functions" module in Raytha CMS allows privileged users to write custom code to add...
High | Unreviewed | CVE-2025-15540 was published | Mar 16, 2026

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote...
High | Unreviewed | CVE-2026-3910 was published | Mar 13, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo...
High | Unreviewed | CVE-2026-32414 was published | Mar 13, 2026