GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,460 advisories

Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical | CVE-2026-47670 was published for dbgate-api (npm) | Jun 5, 2026

The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is...
Critical | Unreviewed | CVE-2025-67447 was published | Jun 4, 2026

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03...
Critical | Unreviewed | CVE-2026-35906 was published | Jun 4, 2026

The system fails to evaluate instructional permissions over multiple internal operation codes ...
Critical | Unreviewed | CVE-2026-49190 was published | Jun 4, 2026

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(),...
Critical | Unreviewed | CVE-2026-49185 was published | Jun 4, 2026

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas...
Critical | Unreviewed | CVE-2026-36576 was published | Jun 3, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41274 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41276 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41277 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41275 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41269 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41272 was published | May 29, 2026

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical | Unreviewed | CVE-2025-41270 was published | May 29, 2026

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the...
Critical | Unreviewed | CVE-2026-9645 was published | May 28, 2026

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers...
Critical | Unreviewed | CVE-2026-4408 was published | May 28, 2026

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS...
Critical | Unreviewed | CVE-2026-9560 was published | May 26, 2026

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the...
Critical | Unreviewed | CVE-2026-48687 was published | May 26, 2026

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Critical | CVE-2026-46716 was published for github.com/nezhahq/nezha (Go) | May 23, 2026

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Critical | CVE-2026-46339 was published for 9router (npm) | May 19, 2026

Kopia: RCE via SSH ProxyCommand Injection
Critical | CVE-2026-45695 was published for github.com/kopia/kopia (Go) | May 19, 2026

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin...
Critical | Unreviewed | CVE-2026-37281 was published | May 19, 2026

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code...
Critical | Unreviewed | CVE-2026-41553 was published | May 15, 2026

utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Critical | CVE-2026-45369 was published for utcp-cli (pip) | May 14, 2026

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI...
Critical | Unreviewed | CVE-2026-8500 was published | May 14, 2026

ELECOM wireless LAN access point devices contain an OS command injection in processing of...
Critical | Unreviewed | CVE-2026-42062 was published | May 13, 2026

ProTip! Advisories are also available from the GraphQL API.