GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,830 advisories

Skipper is vulnerable to arbitrary code execution through lua filters
High | CVE-2026-23742 was published for github.com/zalando/skipper (Go) | Jan 16, 2026

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
Critical | GHSA-5882-5rx9-xgxp was published for Crawl4AI (pip) | Jan 16, 2026

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to...
Critical | Unreviewed | CVE-2025-64691 was published | Jan 16, 2026

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code...
Critical | Unreviewed | CVE-2025-61937 was published | Jan 16, 2026

Shopware Has Improper Control of Generation of Code in Twig rendered views
High | CVE-2026-23498 was published for shopware/core (Composer) | Jan 14, 2026

enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
Critical | CVE-2026-22686 was published for enclave-vm (npm) | Jan 14, 2026

Wing FTP Server versions 4.3.8 and below contain an authenticated remote code execution...
High | Unreviewed | CVE-2022-50934 was published | Jan 14, 2026

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution...
High | Unreviewed | CVE-2022-50898 was published | Jan 14, 2026

4images 1.9 contains a remote command execution vulnerability that allows authenticated...
High | Unreviewed | CVE-2022-50806 was published | Jan 14, 2026

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical | CVE-2025-68924 was published for UmbracoForms (NuGet) | Jan 13, 2026

Envoy Extension Policy lua scripts injection causes arbitrary command execution
High | CVE-2026-22771 was published for github.com/envoyproxy/gateway (Go) | Jan 13, 2026

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious...
High | Unreviewed | CVE-2025-41717 was published | Jan 13, 2026

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager ...
Critical | Unreviewed | CVE-2026-0500 was published | Jan 13, 2026

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a...
Critical | Unreviewed | CVE-2026-0498 was published | Jan 13, 2026

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability...
Critical | Unreviewed | CVE-2026-0491 was published | Jan 13, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on...
Critical | Unreviewed | CVE-2026-22584 was published | Jan 10, 2026

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
Critical | Unreviewed | CVE-2020-36875 was published | Jan 9, 2026

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job...
Critical | Unreviewed | CVE-2025-66916 was published | Jan 8, 2026

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user...
Critical | Unreviewed | CVE-2025-66913 was published | Jan 8, 2026

pnpm vulnerable to Command Injection via environment variable substitution
High | CVE-2025-69262 was published for pnpm (npm) | Jan 7, 2026

An improper control of generation of code vulnerability has been reported to affect Malware...
High | Unreviewed | CVE-2025-11837 was published | Jan 2, 2026

Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
High | CVE-2025-68619 was published for signalk-server (npm) | Jan 2, 2026

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app...
Moderate | Unreviewed | CVE-2025-15394 was published | Dec 31, 2025

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the...
Moderate | Unreviewed | CVE-2025-15393 was published | Dec 31, 2025