GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,405
Maven: 5,000+
npm: 5,000+
NuGet: 882
pip: 4,641
Pub: 13
RubyGems: 1,026
Rust: 1,209
Swift: 53
Unreviewed advisories (all unreviewed): 5,000+
5,056 advisories
[Critical] CVE-2026-35171, published for kedro (pip) on Apr 3, 2026: Kedro has Arbitrary Code Execution via Malicious Logging Configuration
[High, unreviewed] CVE-2026-1540, published Apr 2, 2026: The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file,...
[High] CVE-2026-4800, published for lodash (npm) on Apr 1, 2026: lodash vulnerable to Code Injection via `_.template` imports key names
[High] CVE-2026-34725, published for dbgate-web (npm) on Apr 1, 2026: dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
[Critical, unreviewed] CVE-2026-30643, published Apr 1, 2026: An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup...
[Critical, unreviewed] CVE-2024-40489, published Apr 1, 2026: There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character...
[High, unreviewed] CVE-2026-35093, published Apr 1, 2026: A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode...
[Critical, unreviewed] CVE-2026-29014, published Apr 1, 2026: MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection...
[High, unreviewed] CVE-2025-71281, published Apr 1, 2026: XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose...
[High, unreviewed] CVE-2026-35056, published Apr 1, 2026: XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but...
[High] CVE-2026-34585, published for github.com/siyuan-note/siyuan/kernel (Go) on Apr 1, 2026: SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution
[High] CVE-2024-49048, published for torchgeo (pip) on Apr 1, 2026: TorchGeo Remote Code Execution Vulnerability
[Critical] CVE-2026-34448, published for github.com/siyuan-note/siyuan/kernel (Go) on Mar 31, 2026: SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client
[Critical, unreviewed] CVE-2026-3300, published Mar 31, 2026: The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code...
[Critical, unreviewed] CVE-2026-4257, published Mar 31, 2026: The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template...
[Critical, unreviewed] CVE-2026-30305, published Mar 30, 2026: Syntx's command auto-approval module contains a critical OS command injection vulnerability that...
[Critical, unreviewed] CVE-2026-30308, published Mar 30, 2026: In its design for automatic terminal command execution, HAI Build Code Generator offers two...
[Critical, unreviewed] CVE-2026-30307, published Mar 30, 2026: Roo Code's command auto-approval module contains a critical OS command injection vulnerability...
[Critical, unreviewed] CVE-2026-30306, published Mar 30, 2026: In its design for automatic terminal command execution, SakaDev offers two options: Execute safe...
[Critical, unreviewed] CVE-2026-30313, published Mar 30, 2026: DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability...
[Critical] CVE-2026-34202, published for zebra-chain (Rust) on Mar 27, 2026: Zebra node crash — V5 transaction hash panic (P2P reachable)
[High] CVE-2026-34060, published for ruby-lsp (RubyGems) on Mar 27, 2026: Ruby LSP has arbitrary code execution through branch setting
[Moderate, unreviewed] CVE-2026-4965, published Mar 27, 2026: A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function...
[High, unreviewed] CVE-2025-15616, published Mar 27, 2026: Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection...
[High] CVE-2026-33941, published for handlebars (npm) on Mar 27, 2026: Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
ProTip! Advisories are also available from the GraphQL API.