Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

3,263 advisories

Loading
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2026-26793 was published Mar 12, 2026
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the... Moderate Unreviewed
CVE-2026-3964 was published Mar 12, 2026
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e.... Moderate Unreviewed
CVE-2026-3959 was published Mar 12, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform... High Unreviewed
CVE-2026-20163 was published Mar 11, 2026
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated... High Unreviewed
CVE-2026-23815 was published Mar 11, 2026
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low... High Unreviewed
CVE-2026-23814 was published Mar 11, 2026
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters Critical
CVE-2026-31862 was published for @siteboon/claudecodeui (npm) Mar 11, 2026
toufik-airane Credited to toufik-airane and neo-ai-engineer neo-ai-engineer neo-ai-engineer
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise... High Unreviewed
CVE-2026-3854 was published Mar 10, 2026
@budibase/server: Command Injection in PostgreSQL Dump Command High
CVE-2026-25041 was published for @budibase/server (npm) Mar 9, 2026
omkarparth Credited to omkarparth
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe.... Moderate Unreviewed
CVE-2026-3813 was published Mar 9, 2026
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of... Moderate Unreviewed
CVE-2026-3798 was published Mar 9, 2026
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function... Moderate Unreviewed
CVE-2026-3704 was published Mar 8, 2026
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the... Moderate Unreviewed
CVE-2026-3696 was published Mar 8, 2026
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards Critical
GHSA-5wp8-q9mx-8jx8 was published for zeptoclaw (Rust) Mar 5, 2026
zpbrent Credited to zpbrent
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux) High
CVE-2026-32063 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the... High Unreviewed
CVE-2026-3485 was published Mar 3, 2026
MCP NMAP Server has an Injection vulnerability Moderate
CVE-2026-3484 was published for mcp-nmap-server (npm) Mar 3, 2026
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository... High Unreviewed
CVE-2025-52365 was published Mar 3, 2026
MS-Agent vulnerable to Command Injection Moderate
CVE-2026-2256 was published for ms-agent (pip) Mar 2, 2026
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this... High Unreviewed
CVE-2026-3301 was published Feb 27, 2026
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated... High Unreviewed
CVE-2026-22719 was published Feb 25, 2026
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c Low
GHSA-xpg8-7m6m-jf56 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
phenggeler Credited to phenggeler
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low... High Unreviewed
CVE-2025-33181 was published Feb 24, 2026
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low... High Unreviewed
CVE-2025-33180 was published Feb 24, 2026
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function... Moderate Unreviewed
CVE-2026-3102 was published Feb 24, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database