GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 49
Go: 3,549
Maven: 5,000+
npm: 5,000+
NuGet: 917
pip: 4,798
Pub: 13
RubyGems: 1,038
Rust: 1,237
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
548 advisories
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
High | GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) Mar 27, 2026

act: Unrestricted set-env and add-path command processing enables environment injection
High | CVE-2026-34041 was published for github.com/nektos/act (Go) Mar 27, 2026

Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters
High | CVE-2026-22744 was published for org.springframework.ai:spring-ai-redis-store (Maven) Mar 27, 2026

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API
High | CVE-2026-30932 was published for froxlor/froxlor (Composer) Mar 24, 2026

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function...
High | Unreviewed | CVE-2026-4163 was published Mar 16, 2026

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list...
High | Unreviewed | CVE-2026-4164 was published Mar 16, 2026

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function...
High | Unreviewed | CVE-2026-3612 was published Mar 6, 2026

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
High | CVE-2026-29186 was published for @backstage/plugin-techdocs-node (npm) Mar 5, 2026

Ghost Vulnerable to Remote Code Execution via Malicious Themes
High | CVE-2026-29053 was published for ghost (npm) Mar 3, 2026

Koa has Host Header Injection via ctx.hostname
High | CVE-2026-27959 was published for koa (npm) Feb 26, 2026

Storybook Dev Server is Vulnerable to WebSocket Hijacking
High | CVE-2026-27148 was published for storybook (npm) Feb 26, 2026

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
High | CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) Feb 25, 2026

D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
High | CVE-2026-27194 was published for dtale (pip) Feb 19, 2026

eBay API MCP Server Affected by Environment Variable Injection
High | CVE-2026-27203 was published for ebay-mcp (npm) Feb 19, 2026

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all...
High | Unreviewed | CVE-2026-2019 was published Feb 18, 2026

A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function...
High | Unreviewed | CVE-2026-2615 was published Feb 17, 2026

A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the...
High | Unreviewed | CVE-2026-2182 was published Feb 8, 2026

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the...
High | Unreviewed | CVE-2026-2118 was published Feb 8, 2026

A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function...
High | Unreviewed | CVE-2026-2085 was published Feb 7, 2026

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function...
High | Unreviewed | CVE-2026-2080 was published Feb 7, 2026

Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read...
High | Unreviewed | CVE-2026-22200 was published Jan 12, 2026

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the...
High | Unreviewed | CVE-2025-15136 was published Dec 28, 2025

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the...
High | Unreviewed | CVE-2025-15137 was published Dec 28, 2025

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown...
High | Unreviewed | CVE-2025-14884 was published Dec 18, 2025

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function...
High | Unreviewed | CVE-2025-14706 was published Dec 15, 2025
ProTip! Advisories are also available from the GraphQL API.