GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,343
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,550
Pub: 12
RubyGems: 1,013
Rust: 1,203
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
5,032 advisories
Zebra node crash — V5 transaction hash panic (P2P reachable)
Critical
CVE-2026-34202 was published for zebra-chain (Rust) Mar 27, 2026
Ruby LSP has arbitrary code execution through branch setting
High
CVE-2026-34060 was published for ruby-lsp (RubyGems) Mar 27, 2026
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function...
Moderate
Unreviewed
CVE-2026-4965 was published Mar 27, 2026
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection...
High
Unreviewed
CVE-2025-15616 was published Mar 27, 2026
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
High
CVE-2026-33941 was published for handlebars (npm) Mar 27, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
High
CVE-2026-33940 was published for handlebars (npm) Mar 27, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
High
CVE-2026-33938 was published for handlebars (npm) Mar 27, 2026
Handlebars.js has JavaScript Injection via AST Type Confusion
Critical
CVE-2026-33937 was published for handlebars (npm) Mar 27, 2026
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote...
Critical
Unreviewed
CVE-2026-27876 was published Mar 27, 2026
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is...
High
Unreviewed
CVE-2026-32669 was published Mar 27, 2026
Spring AI: SpEL injection is triggered when a user-supplied value is used as a filter expression key
Critical
CVE-2026-22738 was published for org.springframework.ai:spring-ai-vector-store (Maven) Mar 27, 2026
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
High
CVE-2026-33943 was published for happy-dom (npm) Mar 26, 2026
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to...
Critical
Unreviewed
CVE-2026-30457 was published Mar 26, 2026
Contrast BadAML injection allows arbitrary code execution
High
GHSA-g9ww-x58f-9g6m was published for github.com/edgelesssys/contrast (Go) Mar 26, 2026
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Critical
CVE-2026-33873 was published for langflow (pip) Mar 26, 2026
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
High
CVE-2026-33744 was published for bentoml (pip) Mar 26, 2026
n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Critical
CVE-2026-33660 was published for n8n (npm) Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical
Unreviewed
CVE-2026-32573 was published Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters...
Critical
Unreviewed
CVE-2026-32525 was published Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart...
Critical
Unreviewed
CVE-2026-25447 was published Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll...
Critical
Unreviewed
CVE-2026-27044 was published Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad...
Critical
Unreviewed
CVE-2026-25366 was published Mar 25, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post...
High
Unreviewed
CVE-2026-25001 was published Mar 25, 2026
thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter...
Critical
Unreviewed
CVE-2026-26833 was published Mar 25, 2026
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in...
Critical
Unreviewed
CVE-2026-26831 was published Mar 25, 2026
ProTip! Advisories are also available from the GraphQL API