Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

55 advisories

Loading
Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression Low
CVE-2026-6125 was published for org.dromara.warm:warm-flow-plugin-modes-sb (Maven) Apr 12, 2026
awwaiid mcp-server-taskwarrior vulnerable to command injection Low
CVE-2026-5833 was published for mcp-server-taskwarrior (npm) Apr 9, 2026
fast-filesystem-mcp is vulnerable to command injection through handleGetDiskUsage function Low
CVE-2026-5327 was published for fast-filesystem-mcp (npm) Apr 2, 2026
MindSQL is vulnerable to Code Injection through its ask_db function Low
CVE-2026-4506 was published for mindsql (pip) Mar 21, 2026
OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions Low
CVE-2026-24764 was published for openclaw (npm) Feb 17, 2026
KonstantinMirin Credited to KonstantinMirin
xcode-mcp-server vulnerable to Command Injection Low
CVE-2026-2178 was published for xcode-mcp-server (npm) Feb 8, 2026
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some... Low Unreviewed
CVE-2026-1735 was published Feb 2, 2026
Quill is vulnerable to XSS via HTML export feature Low
CVE-2025-15056 was published for quill (npm) Jan 13, 2026
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
cs278 Credited to cs278
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the... Low Unreviewed
CVE-2025-14485 was published Dec 11, 2025
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has... Low Unreviewed
CVE-2025-7578 was published Jul 14, 2025
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce... Low Unreviewed
CVE-2025-40710 was published Jun 30, 2025
Apereo CAS code injection vulnerability Low
CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Low Unreviewed
CVE-2025-43955 was published Apr 20, 2025
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects... Low Unreviewed
CVE-2025-32699 was published Apr 10, 2025
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an... Low Unreviewed
CVE-2025-1465 was published Feb 19, 2025
A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as... Low Unreviewed
CVE-2025-0214 was published Jan 4, 2025
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin Credited to BarrensZeppelin, eyurtsev, and efriis eyurtsev eyurtsev
efriis efriis
cookie accepts cookie name, path, and domain with out of bounds characters Low
CVE-2024-47764 was published for cookie (npm) Oct 4, 2024
bewinsnw Credited to bewinsnw
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior... Low Unreviewed
CVE-2024-0231 was published Jul 25, 2024
dbt has an implicit override for built-in materializations from installed packages Low
CVE-2024-40637 was published for dbt-core (pip) Jul 17, 2024
brabster Credited to brabster
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-35777 was published Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-37253 was published Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Low Unreviewed
CVE-2024-37442 was published Jul 9, 2024
Monolog Header injection in NativeMailerHandler Low
GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database