GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection...
High
Unreviewed
CVE-2026-11422 was published Jun 5, 2026
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown...
High
Unreviewed
CVE-2026-50733 was published Jun 5, 2026
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices...
High
Unreviewed
CVE-2026-8914 was published Jun 5, 2026
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an...
High
Unreviewed
CVE-2026-48962 was published May 27, 2026
The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04)...
High
Unreviewed
CVE-2026-31254 was published May 11, 2026
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code...
Critical
Unreviewed
CVE-2026-44128 was published May 8, 2026
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions...
Moderate
Unreviewed
CVE-2026-4837 was published Apr 8, 2026
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution...
High
Unreviewed
CVE-2026-22666 was published Apr 7, 2026
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe...
Critical
Unreviewed
CVE-2026-4851 was published Mar 29, 2026
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code...
Critical
Unreviewed
CVE-2026-4001 was published Mar 24, 2026
Affected devices do not properly sanitize contents of trace files. This could allow an attacker...
Critical
Unreviewed
CVE-2025-40943 was published Mar 10, 2026
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for...
Moderate
Unreviewed
CVE-2025-15551 was published Feb 5, 2026
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()'...
High
Unreviewed
CVE-2020-37137 was published Feb 5, 2026
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This...
Critical
Unreviewed
CVE-2026-0769 was published Jan 23, 2026
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor...
High
Unreviewed
CVE-2026-0863 was published Jan 18, 2026
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python...
Critical
Unreviewed
CVE-2025-54322 was published Dec 27, 2025
An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26...
Moderate
Unreviewed
CVE-2025-43466 was published Dec 12, 2025
An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26...
Low
Unreviewed
CVE-2025-43388 was published Dec 12, 2025
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4...
High
Unreviewed
CVE-2025-65530 was published Dec 12, 2025
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the...
Critical
Unreviewed
CVE-2025-12140 was published Nov 27, 2025
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with...
High
Unreviewed
CVE-2025-61955 was published Oct 15, 2025
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human...
Critical
Unreviewed
CVE-2011-10033 was published Oct 15, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability...
Moderate
Unreviewed
CVE-2025-55585 was published Aug 18, 2025
The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version...
High
Unreviewed
CVE-2025-8420 was published Aug 6, 2025
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user...
Critical
Unreviewed
CVE-2013-10070 was published Aug 5, 2025
ProTip! Advisories are also available from the GraphQL API.