GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
166 advisories
OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories
High | GHSA-99qw-6mr3-36qr was published for openclaw (npm) | Mar 13, 2026

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was...
Critical | Unreviewed | CVE-2025-70046 was published | Mar 9, 2026

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal...
High | Unreviewed | CVE-2026-28135 was published | Mar 5, 2026

OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
High | GHSA-p4wh-cr8m-gm6c was published for openclaw (npm) | Mar 3, 2026

OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)
High | GHSA-5gj7-jf77-q2q2 was published for openclaw (npm) | Mar 3, 2026

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to...
Moderate | Unreviewed | CVE-2026-1628 was published | Mar 2, 2026

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing...
High | Unreviewed | CVE-2026-28372 was published | Feb 27, 2026

Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde
High | CVE-2026-26974 was published for @tygo-van-den-hurk/slyde (npm) | Feb 18, 2026

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS)...
Moderate | Unreviewed | CVE-2026-26079 was published | Feb 11, 2026

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview...
Critical | Unreviewed | CVE-2026-1699 was published | Jan 30, 2026

Langflow affected by Remote Code Execution via validate_code() exec()
High | CVE-2026-0770 was published for langflow (pip) | Jan 23, 2026

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical | CVE-2025-68924 was published for UmbracoForms (NuGet) | Jan 13, 2026

FASTJSON Includes Functionality from Untrusted Control Sphere
Critical | CVE-2025-70974 was published for com.alibaba:fastjson (Maven) | Jan 9, 2026

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows...
Moderate | Unreviewed | CVE-2020-36924 was published | Jan 6, 2026

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the...
Moderate | Unreviewed | CVE-2020-36905 was published | Jan 6, 2026

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject...
Moderate | Unreviewed | CVE-2025-67842 was published | Dec 19, 2025

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project...
Low | Unreviewed | CVE-2025-68162 was published | Dec 16, 2025

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
High | Unreviewed | CVE-2025-67900 was published | Dec 15, 2025

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Critical | CVE-2025-65964 was published for n8n (npm) | Dec 8, 2025

Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged user to fully elevate...
High | Unreviewed | CVE-2025-53841 was published | Dec 3, 2025

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could...
High | Unreviewed | CVE-2025-33205 was published | Nov 25, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The...
High | Unreviewed | CVE-2024-32011 was published | Nov 11, 2025

Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
High | CVE-2025-64496 was published for open-webui (npm) | Nov 7, 2025

On a client with an admin user, a Global_Shipping script can be implemented. The script could...
High | Unreviewed | CVE-2025-12509 was published | Oct 31, 2025

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
High | CVE-2025-62726 was published for n8n (npm) | Oct 30, 2025

ProTip! Advisories are also available from the GraphQL API.