GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem: All reviewed 5,000+; Composer 5,000+; Erlang 46; GitHub Actions 48; Go 3,343; Maven 5,000+; npm 5,000+; NuGet 881; pip 4,550; Pub 12; RubyGems 1,013; Rust 1,203; Swift 51.
Unreviewed advisories: 5,000+.
The filtered listing below contains 4,596 advisories.
Listing (newest first). Each entry gives the advisory ID, severity, review status, the affected package and ecosystem where GitHub has reviewed the advisory, and the publication date; descriptions truncated on the page are kept as shown.

CVE-2026-4946 (High, unreviewed; published Mar 29, 2026)
  Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in...

CVE-2026-34005 (High, unreviewed; published Mar 29, 2026)
  In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command...

CVE-2026-34243 (Critical, reviewed; njzjz/wenxian, GitHub Actions; published Mar 29, 2026)
  wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

CVE-2026-32241 (High, reviewed; github.com/flannel-io/flannel, Go; published Mar 27, 2026)
  Flannel has cross-node remote code execution via extension backend BackendData injection

CVE-2026-30302 (Critical, unreviewed; published Mar 27, 2026)
  The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability...

CVE-2026-30303 (Critical, unreviewed; published Mar 27, 2026)
  The command auto-approval module in Axon Code contains an OS Command Injection vulnerability,...

CVE-2026-4622 (High, unreviewed; published Mar 27, 2026)
  OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to...

CVE-2026-4620 (High, unreviewed; published Mar 27, 2026)
  OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to...

CVE-2026-27650 (High, unreviewed; published Mar 27, 2026)
  OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability...

CVE-2023-7338 (High, unreviewed; published Mar 26, 2026)
  Ruckus Unleashed contains a remote code execution vulnerability in the web-based management...

CVE-2026-26213 (High, unreviewed; published Mar 26, 2026)
  thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated os...

GHSA-pr3g-phhr-h8fh (High, reviewed; librenms/librenms, Composer; published Mar 26, 2026)
  LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

CVE-2025-15101 (High, unreviewed; published Mar 26, 2026)
  A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management...

CVE-2026-33718 (High, reviewed; openhands, pip; published Mar 25, 2026)
  OpenHands is Vulnerable to Command Injection through its Git Diff Handler

CVE-2026-26832 (Critical, reviewed; node-tesseract-ocr, npm; published Mar 25, 2026)
  node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

CVE-2026-33648 (High, reviewed; wwbn/avideo, Composer; published Mar 25, 2026)
  AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path

CVE-2026-26830 (Critical, reviewed; pdf-image, npm; published Mar 25, 2026)
  pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter

CVE-2026-23920 (High, unreviewed; published Mar 24, 2026)
  Host and event action script input is validated with a regex (set by the administrator), but the...

CVE-2026-33623 (Moderate, reviewed; github.com/pinchtab/pinchtab, Go; published Mar 24, 2026)
  PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

CVE-2025-11571 (Low, unreviewed; published Mar 24, 2026)
  Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables...

CVE-2025-71275 (Critical, unreviewed; published Mar 24, 2026)
  Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection...

CVE-2026-32948 (Moderate, reviewed; org.scala-sbt:sbt, Maven; published Mar 24, 2026)
  sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows

CVE-2026-33046 (High, reviewed; indico, pip; published Mar 23, 2026)
  Indico discloses local files resulting in Remote Code Execution through LaTeX injection

CVE-2025-15518 (High, unreviewed; published Mar 23, 2026)
  Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200,...
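Most entries in this listing are OS command injection: a caller-controlled value (a file path, a profile name, a comment body) is spliced into a string that a shell then parses. The block below is an added illustration of that bug class and its usual fix, written for this page; it is not code from any project listed above, and it uses `echo` in place of a real OCR or cleanup binary so it runs offline. The function names and the crafted input are constructed for the example.

```python
import re
import subprocess

# Constructed attacker input: a "file name" that smuggles a second shell command.
CRAFTED_PATH = "scan.png; echo INJECTED"


def ocr_unsafe(path: str) -> str:
    """Vulnerable pattern: caller input interpolated into a shell command string.

    With shell=True the string is handed to /bin/sh, so ';', '|', '$(...)' and
    similar metacharacters inside `path` become command separators instead of
    part of a file name. 'echo' stands in for the real binary.
    """
    cmd = f"echo OCR {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def ocr_safe(path: str) -> str:
    """Hardened pattern: argv list, no shell.

    The path reaches the program as exactly one argv element, whatever
    characters it contains; nothing interprets it as shell syntax.
    """
    return subprocess.run(["echo", "OCR", path], capture_output=True, text=True).stdout


def ocr_safe_with_allowlist(path: str) -> str:
    """Defence in depth: reject values outside an allow-list before executing.

    Avoiding the shell stops injection, but a leading '-' can still be parsed
    as an option by the target program, and unexpected characters are a sign
    the value did not come from where you think. Fail closed on both.
    """
    if path.startswith("-") or not re.fullmatch(r"[A-Za-z0-9_./-]+", path):
        raise ValueError(f"rejected path: {path!r}")
    return ocr_safe(path)


if __name__ == "__main__":
    # The unsafe variant runs the smuggled command; the safe one echoes the
    # whole string back as a single argument.
    print("unsafe:", repr(ocr_unsafe(CRAFTED_PATH)))
    print("safe:  ", repr(ocr_safe(CRAFTED_PATH)))
```

The GitHub Actions entry above is the same root cause in a different host: a `${{ ... }}` expression is expanded into the `run:` script text before the shell sees it, so untrusted event fields belong in an `env:` entry (read by the shell as `"$VAR"`) rather than in the script body. The same rule applies to PHP `exec()`/`shell_exec()`, Node's `child_process.exec`, and Go's `exec.Command("sh", "-c", ...)`: pass arguments as a vector, never as a formatted string.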
Advisories are also available from the GraphQL API.