GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,911 advisories
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup...
High | Unreviewed | CVE-2026-26045 was published Feb 21, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in WesternDeal WPForms...
Unknown | Unreviewed | CVE-2025-67979 was published Feb 20, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion...
Unknown | Unreviewed | CVE-2025-52744 was published Feb 20, 2026

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Critical | CVE-2026-26030 was published for semantic-kernel (pip) Feb 19, 2026

jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
High | CVE-2026-25755 was published for jspdf (npm) Feb 19, 2026

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a...
Critical | Unreviewed | CVE-2025-71243 was published Feb 19, 2026

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin...
Critical | Unreviewed | CVE-2026-27174 was published Feb 19, 2026

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of...
High | Unreviewed | CVE-2025-61982 was published Feb 18, 2026

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code...
High | Unreviewed | CVE-2025-33250 was published Feb 18, 2026

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code...
High | Unreviewed | CVE-2025-33251 was published Feb 18, 2026

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious...
High | Unreviewed | CVE-2025-33240 was published Feb 18, 2026

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input...
High | Unreviewed | CVE-2025-33239 was published Feb 18, 2026

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could...
High | Unreviewed | CVE-2025-33236 was published Feb 18, 2026

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is...
High | Unreviewed | CVE-2026-2296 was published Feb 18, 2026

OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions
Low | CVE-2026-24764 was published for openclaw (npm) Feb 17, 2026

A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart...
Critical | Unreviewed | CVE-2025-70830 was published Feb 17, 2026

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to...
High | Unreviewed | CVE-2025-65716 was published Feb 16, 2026

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0...
High | Unreviewed | CVE-2025-65715 was published Feb 16, 2026

Apache Avro Java SDK is Vulnerable to Code Injection
Moderate | CVE-2025-33042 was published for org.apache.avro:avro-compiler (Maven) Feb 13, 2026

ClamAV ClamBC bytecode interpreter contains a vulnerability in function name processing that...
High | Unreviewed | CVE-2020-37167 was published Feb 13, 2026

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
High | CVE-2026-26056 was published for github.com/yokecd/yoke (Go) Feb 12, 2026

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute...
High | Unreviewed | CVE-2025-63421 was published Feb 12, 2026

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code...
High | Unreviewed | CVE-2026-0969 was published Feb 12, 2026

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to...
Critical | Unreviewed | CVE-2020-37186 was published Feb 11, 2026
ProTip! Advisories are also available from the GraphQL API