GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,854 advisories
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
High | CVE-2026-24747 was published for pytorch (pip) | Jan 27, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Critical | CVE-2026-23830 was published for @nyariv/sandboxjs (npm) | Jan 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233...
Critical | Unreviewed | CVE-2026-24871 was published | Jan 27, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media ...
Moderate | Unreviewed | CVE-2026-24806 was published | Jan 27, 2026

The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all...
High | Unreviewed | CVE-2024-11976 was published | Jan 23, 2026

Moodle affected by a code injection vulnerability
High | CVE-2025-67847 was published for moodle/moodle (Composer) | Jan 23, 2026

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution...
Critical | Unreviewed | CVE-2026-0761 was published | Jan 23, 2026

Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2026-0766 was published | Jan 23, 2026

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability...
High | Unreviewed | CVE-2026-0771 was published | Jan 23, 2026

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical | Unreviewed | CVE-2026-0768 was published | Jan 23, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver...
High | Unreviewed | CVE-2025-69319 was published | Jan 22, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel...
Unknown | Unreviewed | CVE-2025-69001 was published | Jan 22, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event...
Unknown | Unreviewed | CVE-2025-68015 was published | Jan 22, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Unknown | Unreviewed | CVE-2025-67944 was published | Jan 22, 2026

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An...
High | Unreviewed | CVE-2021-47778 was published | Jan 21, 2026

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers...
High | Unreviewed | CVE-2021-47770 was published | Jan 21, 2026

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
High | Unreviewed | CVE-2026-20045 was published | Jan 21, 2026

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
Moderate | CVE-2026-23946 was published for tendenci (pip) | Jan 21, 2026

vLLM affected by RCE via auto_map dynamic module loading during model initialization
High | CVE-2026-22807 was published for vllm (pip) | Jan 21, 2026

binary-parser library has a code injection vulnerability
Moderate | CVE-2026-1245 was published for binary-parser (npm) | Jan 20, 2026

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could...
High | Unreviewed | CVE-2025-33233 was published | Jan 20, 2026

ipTIME routers A2003NS-MU 10.00.6 to 12.16.2, N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07...
Critical | Unreviewed | CVE-2025-55423 was published | Jan 20, 2026

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Moderate | CVE-2026-23733 was published for @lobehub/chat (npm) | Jan 20, 2026

Skipper is vulnerable to arbitrary code execution through lua filters
High | CVE-2026-23742 was published for github.com/zalando/skipper (Go) | Jan 16, 2026

ProTip! Advisories are also available from the GraphQL API.