Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3,271 advisories

Loading
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a... High Unreviewed
CVE-2026-22317 was published Mar 18, 2026
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0... High Unreviewed
CVE-2025-14031 was published Mar 18, 2026
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function... Moderate Unreviewed
CVE-2026-4253 was published Mar 16, 2026
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of... High Unreviewed
CVE-2026-23862 was published Mar 16, 2026
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown... High Unreviewed
CVE-2026-4170 was published Mar 16, 2026
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2026-26793 was published Mar 12, 2026
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2026-26791 was published Mar 12, 2026
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities... Critical Unreviewed
CVE-2026-26792 was published Mar 12, 2026
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2026-26795 was published Mar 12, 2026
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e.... Moderate Unreviewed
CVE-2026-3959 was published Mar 12, 2026
A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the... Moderate Unreviewed
CVE-2026-3964 was published Mar 12, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform... High Unreviewed
CVE-2026-20163 was published Mar 11, 2026
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated... High Unreviewed
CVE-2026-23815 was published Mar 11, 2026
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low... High Unreviewed
CVE-2026-23814 was published Mar 11, 2026
@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters Critical
CVE-2026-31862 was published for @siteboon/claudecodeui (npm) Mar 11, 2026
toufik-airane Credited to toufik-airane and neo-ai-engineer neo-ai-engineer neo-ai-engineer
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise... High Unreviewed
CVE-2026-3854 was published Mar 10, 2026
@budibase/server: Command Injection in PostgreSQL Dump Command High
CVE-2026-25041 was published for @budibase/server (npm) Mar 9, 2026
omkarparth Credited to omkarparth
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe.... Moderate Unreviewed
CVE-2026-3813 was published Mar 9, 2026
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of... Moderate Unreviewed
CVE-2026-3798 was published Mar 9, 2026
A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function... Moderate Unreviewed
CVE-2026-3704 was published Mar 8, 2026
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the... Moderate Unreviewed
CVE-2026-3696 was published Mar 8, 2026
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards Critical
GHSA-5wp8-q9mx-8jx8 was published for zeptoclaw (Rust) Mar 5, 2026
zpbrent Credited to zpbrent
OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux) High
CVE-2026-32063 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the... High Unreviewed
CVE-2026-3485 was published Mar 3, 2026
MCP NMAP Server has an Injection vulnerability Moderate
CVE-2026-3484 was published for mcp-nmap-server (npm) Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database