GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,946 advisories
OpenClaw hook transform path containment missed symlink-resolved escapes
High | GHSA-659f-22xc-98f2 was published for openclaw (npm) | Mar 3, 2026
Craft CMS has Twig Function Blocklist Bypass
Moderate | CVE-2026-28783 was published for craftcms/cms (Composer) | Mar 3, 2026
Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget
Moderate | CVE-2026-28695 was published for craftcms/cms (Composer) | Mar 3, 2026
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger...
Critical | Unreviewed | CVE-2025-59059 was published | Mar 3, 2026
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code...
High | Unreviewed | CVE-2026-3132 was published | Mar 2, 2026
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The...
Critical | Unreviewed | CVE-2026-24105 was published | Mar 2, 2026
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution...
High | Unreviewed | CVE-2026-26699 was published | Mar 2, 2026
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via...
Critical | Unreviewed | CVE-2026-26720 was published | Mar 2, 2026
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of ...
Critical | Unreviewed | CVE-2026-24107 was published | Mar 2, 2026
Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs
High | CVE-2026-28425 was published for statamic/cms (Composer) | Mar 1, 2026
OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)
Moderate | GHSA-82g8-464f-2mv7 was published for openclaw (npm) | Feb 27, 2026
Langflow has Remote Code Execution in CSV Agent
Critical | CVE-2026-27966 was published for langflow (pip) | Feb 27, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick...
High | Unreviewed | CVE-2026-21657 was published | Feb 27, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick...
High | Unreviewed | CVE-2026-21656 was published | Feb 27, 2026
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection...
High | Unreviewed | CVE-2026-21658 was published | Feb 27, 2026
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the...
High | Unreviewed | CVE-2026-26682 was published | Feb 26, 2026
n8n: Expression Sandbox Escape Leads to RCE
Critical | CVE-2026-27577 was published for n8n (npm) | Feb 25, 2026
n8n has Arbitrary Command Execution via File Write and Git Operations
Critical | CVE-2026-27498 was published for n8n (npm) | Feb 25, 2026
n8n has Potential Remote Code Execution via Merge Node
Critical | CVE-2026-27497 was published for n8n (npm) | Feb 25, 2026
n8n has a Sandbox Escape in its JavaScript Task Runner
Critical | CVE-2026-27495 was published for n8n (npm) | Feb 25, 2026
n8n has Unauthenticated Expression Evaluation via Form Node
Critical | CVE-2026-27493 was published for n8n (npm) | Feb 25, 2026
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
Critical | CVE-2026-27702 was published for budibase (npm) | Feb 25, 2026
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
High | CVE-2026-27830 was published for com.mchange:c3p0 (Maven) | Feb 25, 2026
@enclave-vm/core is vulnerable to Sandbox Escape
Critical | CVE-2026-27597 was published for @enclave-vm/core (npm) | Feb 25, 2026
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all...
High | Unreviewed | CVE-2026-1929 was published | Feb 25, 2026
ProTip! Advisories are also available from the GraphQL API