GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,057 advisories
All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe...
Critical | Unreviewed | CVE-2026-1615 was published Feb 9, 2026
@nyariv/sandboxjs has a Sandbox Escape vulnerability
Critical | CVE-2026-25587 was published for @nyariv/sandboxjs (npm) Feb 5, 2026
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2025-70073 was published Feb 5, 2026
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Critical | CVE-2026-25510 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Langroid has WAF Bypass Leading to RCE in TableChatAgent
Critical | CVE-2026-25481 was published for langroid (pip) Feb 2, 2026
SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
Critical | CVE-2026-25142 was published for @nyariv/sandboxjs (npm) Feb 2, 2026
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2020-37052 was published Jan 31, 2026
Orval has Code Injection via unsanitized x-enum-descriptions using JS comments
Critical | CVE-2026-25141 was published for @orval/core (npm) Jan 30, 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical | Unreviewed | CVE-2026-1340 was published Jan 30, 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical | Unreviewed | CVE-2026-1281 was published Jan 30, 2026
An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute...
Critical | Unreviewed | CVE-2025-69517 was published Jan 28, 2026
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical | CVE-2026-23830 was published for @nyariv/sandboxjs (npm) Jan 27, 2026
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser...
Critical | Unreviewed | CVE-2025-69564 was published Jan 27, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233...
Critical | Unreviewed | CVE-2026-24871 was published Jan 27, 2026
Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution...
Critical | Unreviewed | CVE-2026-0761 was published Jan 23, 2026
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical | Unreviewed | CVE-2026-0768 was published Jan 23, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event...
Critical | Unreviewed | CVE-2025-68015 was published Jan 22, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical | Unreviewed | CVE-2025-67944 was published Jan 22, 2026
ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07...
Critical | Unreviewed | CVE-2025-55423 was published Jan 20, 2026
Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Critical | CVE-2026-23733 was published for @lobehub/chat (npm) Jan 20, 2026
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
Critical | GHSA-5882-5rx9-xgxp was published for Crawl4AI (pip) Jan 16, 2026
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code...
Critical | Unreviewed | CVE-2025-61937 was published Jan 16, 2026
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to...
Critical | Unreviewed | CVE-2025-64691 was published Jan 16, 2026
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
Critical | CVE-2026-22686 was published for enclave-vm (npm) Jan 14, 2026
ProTip! Advisories are also available from the GraphQL API.