Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,894
Maven
5,000+
npm
5,000+
NuGet
963
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,373
Swift
54
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection High
CVE-2026-45370 was published for utcp-cli (pip) May 14, 2026
ZeroXJacks Credited to ZeroXJacks
utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol Critical
CVE-2026-45369 was published for utcp-cli (pip) May 14, 2026
ZeroXJacks Credited to ZeroXJacks
FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism High
CVE-2026-27891 was published for facturascripts/facturascripts (Composer) May 7, 2026
ZeroXJacks Credited to ZeroXJacks
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load Moderate
CVE-2026-34446 was published for onnx (pip) Apr 1, 2026
ZeroXJacks Credited to ZeroXJacks
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. High
CVE-2026-34445 was published for onnx (pip) Apr 1, 2026
ZeroXJacks Credited to ZeroXJacks
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() Moderate
CVE-2026-33690 was published for wwbn/avideo (Composer) Mar 25, 2026
ZeroXJacks Credited to ZeroXJacks
Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS Moderate
GHSA-rf74-v2fm-23pw was published for nltk (pip) Mar 18, 2026
ZeroXJacks Credited to ZeroXJacks
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack High
CVE-2026-28500 was published for onnx (pip) Mar 16, 2026
ZeroXJacks Credited to ZeroXJacks
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method High
CVE-2026-25755 was published for jspdf (npm) Feb 19, 2026
ZeroXJacks Credited to ZeroXJacks
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions High
CVE-2026-25535 was published for jspdf (npm) Feb 19, 2026
ZeroXJacks Credited to ZeroXJacks
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection High
CVE-2026-25762 was published for @adonisjs/bodyparser (npm) Feb 6, 2026
ZeroXJacks Credited to ZeroXJacks
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database