GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
3,419 advisories
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated,...
Moderate | Unreviewed | CVE-2026-20095 was published Apr 1, 2026

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated,...
High | Unreviewed | CVE-2026-20094 was published Apr 1, 2026

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3...
Critical | Unreviewed | CVE-2024-43028 was published Apr 1, 2026

In its design for automatic terminal command execution, Sixth offers two options: Execute safe...
Critical | Unreviewed | CVE-2026-30310 was published Mar 31, 2026

Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to...
High | Unreviewed | CVE-2026-4399 was published Mar 31, 2026

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac...
Moderate | Unreviewed | CVE-2026-5153 was published Mar 31, 2026

A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2026-5125 was published Mar 30, 2026

MLflow Command Injection vulnerability
Critical | CVE-2025-15379 was published for mlflow (pip) Mar 30, 2026

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is...
Moderate | Unreviewed | CVE-2026-5105 was published Mar 30, 2026

A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the...
Moderate | Unreviewed | CVE-2026-5103 was published Mar 30, 2026

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is...
Moderate | Unreviewed | CVE-2026-5104 was published Mar 30, 2026

wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Critical | CVE-2026-34243 was published for njzjz/wenxian (GitHub Actions) Mar 29, 2026

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the...
Moderate | Unreviewed | CVE-2026-5030 was published Mar 29, 2026

A vulnerability has been found in DeDeveloper23 codebase-mcp up to...
Moderate | Unreviewed | CVE-2026-5023 was published Mar 29, 2026

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is...
Moderate | Unreviewed | CVE-2026-5020 was published Mar 29, 2026

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function...
Moderate | Unreviewed | CVE-2026-5007 was published Mar 28, 2026

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of...
Moderate | Unreviewed | CVE-2026-5012 was published Mar 28, 2026

Flannel has cross-node remote code execution via extension backend BackendData injection
High | CVE-2026-32241 was published for github.com/flannel-io/flannel (Go) Mar 27, 2026

OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface
High | CVE-2026-35643 was published for openclaw (npm) Mar 26, 2026

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this...
High | Unreviewed | CVE-2026-4840 was published Mar 26, 2026

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function...
High | Unreviewed | CVE-2026-4627 was published Mar 24, 2026

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected...
High | Unreviewed | CVE-2026-4611 was published Mar 24, 2026

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of...
Moderate | Unreviewed | CVE-2026-4591 was published Mar 23, 2026

DigitalOcean Droplet Agent: Command Injection via Metadata Service Endpoint
High | CVE-2026-24516 was published for github.com/digitalocean/droplet-agent (Go) Mar 23, 2026

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This...
High | Unreviewed | CVE-2026-4585 was published Mar 23, 2026
ProTip! Advisories are also available from the GraphQL API