GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 74
GitHub Actions: 54
Go: 4,082
Maven: 5,000+
npm: 5,000+
NuGet: 994
pip: 5,000+
Pub: 13
RubyGems: 1,095
Rust: 1,413
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
236 advisories
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM,...
Critical, Unreviewed, CVE-2026-47365 was published Jun 12, 2026

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
High, Unreviewed, CVE-2026-53694 was published Jun 10, 2026

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency...
High, Unreviewed, CVE-2026-11332 was published Jun 5, 2026

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release...
High, Unreviewed, CVE-2026-41013 was published Jun 1, 2026

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection...
High, Unreviewed, CVE-2026-49373 was published May 29, 2026

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect...
High, Unreviewed, CVE-2026-3515 was published May 26, 2026

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote...
High, Unreviewed, CVE-2026-47114 was published May 21, 2026

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection...
Critical, Unreviewed, CVE-2026-31230 was published May 12, 2026

An improper neutralization of argument delimiters in a command ('argument injection')...
Moderate, Unreviewed, CVE-2026-25690 was published May 12, 2026

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM...
Moderate, Unreviewed, CVE-2025-40948 was published May 12, 2026

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via...
Moderate, Unreviewed, CVE-2026-45181 was published May 10, 2026

A hidden console command is vulnerable to command injection flaw when control characters are...
High, Unreviewed, CVE-2026-7865 was published May 5, 2026

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0...
Moderate, Unreviewed, CVE-2026-35153 was published Apr 17, 2026

During an internal security assessment, a potential vulnerability was discovered in Lenovo...
High, Unreviewed, CVE-2026-4145 was published Apr 15, 2026

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability...
Critical, Unreviewed, CVE-2026-2449 was published Apr 14, 2026

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to...
High, Unreviewed, CVE-2026-0634 was published Apr 2, 2026

In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF...
High, Unreviewed, CVE-2026-29954 was published Mar 30, 2026

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters...
Moderate, Unreviewed, CVE-2026-23924 was published Mar 24, 2026

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability...
Critical, Unreviewed, CVE-2026-2298 was published Mar 23, 2026

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the...
Moderate, Unreviewed, CVE-2026-4438 was published Mar 20, 2026

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo...
Moderate, Unreviewed, CVE-2026-1715 was published Mar 11, 2026

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo...
Moderate, Unreviewed, CVE-2026-1716 was published Mar 11, 2026

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in...
Moderate, Unreviewed, CVE-2026-1717 was published Mar 11, 2026

An improper neutralization of argument delimiters in a command ('argument injection')...
Moderate, Unreviewed, CVE-2026-25689 was published Mar 10, 2026

A low-privileged local attacker who gains access to the UBR service account (e.g., via SSH) can...
High, Unreviewed, CVE-2025-41761 was published Mar 9, 2026
ProTip! Advisories are also available from the GraphQL API.