GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
64 advisories
Filter by severity
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper...
High
Unreviewed
CVE-2026-24246
was published
Jul 1, 2026
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves...
High
Unreviewed
CVE-2026-13772
was published
Jun 30, 2026
Statamic CMS's unsafe method invocation via collection sorting allows data destruction
High
CVE-2026-49287
was published
for
statamic/cms
(Composer)
Jun 26, 2026
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Moderate
CVE-2026-48517
was published
for
MessagePack
(NuGet)
Jun 25, 2026
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
High
CVE-2026-48502
was published
for
MessagePack
(NuGet)
Jun 25, 2026
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that...
Moderate
Unreviewed
CVE-2026-57284
was published
Jun 24, 2026
Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types
High
CVE-2026-44795
was published
for
io.spinnaker.orca:orca-core
(Maven)
Jun 22, 2026
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
Moderate
CVE-2026-48817
was published
for
starlette
(pip)
Jun 15, 2026
Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes
Moderate
CVE-2026-46718
was published
for
org.apache.calcite:calcite-core
(Maven)
Jun 2, 2026
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
Critical
CVE-2026-46562
was published
for
org.yamcs:yamcs-core
(Maven)
May 27, 2026
Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
High
CVE-2026-44174
was published
for
getkirby/cms
(Composer)
May 26, 2026
Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading
Critical
CVE-2026-8178
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 14, 2026
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
High
CVE-2026-44339
was published
for
PraisonAI
(pip)
May 11, 2026
Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
High
CVE-2026-44011
was published
for
craftcms/cms
(Composer)
May 6, 2026
Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
Critical
CVE-2026-42027
was published
for
org.apache.opennlp:opennlp-tools
(Maven)
May 4, 2026
Statamic: Unsafe method invocation via query value resolution allows data destruction
High
CVE-2026-41175
was published
for
statamic/cms
(Composer)
Apr 16, 2026
Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local...
Moderate
Unreviewed
CVE-2018-25239
was published
Apr 4, 2026
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate...
Moderate
Unreviewed
CVE-2026-23923
was published
Mar 24, 2026
Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior
High
CVE-2026-33157
was published
for
craftcms/cms
(Composer)
Mar 24, 2026
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
High
CVE-2026-32264
was published
for
craftcms/cms
(Composer)
Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE via EntryTypesController
High
CVE-2026-32263
was published
for
craftcms/cms
(Composer)
Mar 16, 2026
Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware
High
GHSA-cwxj-rr6w-m6w7
was published
for
Scrapy
(pip)
Mar 13, 2026
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High
CVE-2026-25498
was published
for
craftcms/cms
(Composer)
Feb 9, 2026
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
High
CVE-2025-68455
was published
for
craftcms/cms
(Composer)
Jan 5, 2026
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does...
Critical
Unreviewed
CVE-2025-34393
was published
Dec 10, 2025
ProTip!
Advisories are also available from the
GraphQL API