GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,086 advisories
PraisonAI has critical RCE via `type: job` workflow YAML
Critical
GHSA-vc46-vw85-3wvm was published for PraisonAI (pip) Apr 10, 2026
PraisonAI Vulnerable to RCE via Automatic tools.py Import
High
GHSA-g985-wjh9-qxxc was published for PraisonAI (pip) Apr 10, 2026
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
High
CVE-2026-40158 was published for PraisonAI (pip) Apr 10, 2026
FoundationAgents MetaGPT vulnerable to eval injection
Moderate
CVE-2026-5971 was published for metagpt (pip) Apr 9, 2026
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via...
High
Unreviewed
CVE-2024-1490 was published Apr 9, 2026
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18...
Moderate
Unreviewed
CVE-2026-1516 was published Apr 9, 2026
PraisonAI has Template Injection in Agent Tool Definitions
High
CVE-2026-39891 was published for praisonai (pip) Apr 8, 2026
SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions
Critical
CVE-2026-39846 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 8, 2026
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow...
Critical
Unreviewed
CVE-2026-25776 was published Apr 8, 2026
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that...
Critical
Unreviewed
CVE-2025-71058 was published Apr 7, 2026
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution ...
High
Unreviewed
CVE-2026-30460 was published Apr 7, 2026
Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping,...
Critical
Unreviewed
CVE-2024-36057 was published Apr 7, 2026
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &...
Moderate
Unreviewed
CVE-2026-3309 was published Apr 4, 2026
Kedro has Arbitrary Code Execution via Malicious Logging Configuration
Critical
CVE-2026-35171 was published for kedro (pip) Apr 3, 2026
The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file,...
High
Unreviewed
CVE-2026-1540 was published Apr 2, 2026
lodash vulnerable to Code Injection via `_.template` imports key names
High
CVE-2026-4800 was published for lodash (npm) Apr 1, 2026
dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
High
CVE-2026-34725 was published for dbgate-web (npm) Apr 1, 2026
An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup...
Critical
Unreviewed
CVE-2026-30643 was published Apr 1, 2026
There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character...
Critical
Unreviewed
CVE-2024-40489 was published Apr 1, 2026
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection...
Critical
Unreviewed
CVE-2026-29014 was published Apr 1, 2026
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode...
High
Unreviewed
CVE-2026-35093 was published Apr 1, 2026
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose...
High
Unreviewed
CVE-2025-71281 was published Apr 1, 2026
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but...
High
Unreviewed
CVE-2026-35056 was published Apr 1, 2026
SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution
High
CVE-2026-34585 was published for github.com/siyuan-note/siyuan/kernel (Go) Apr 1, 2026
ProTip! Advisories are also available from the GraphQL API