GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies...
High
Unreviewed
CVE-2026-11998
was published
Jun 24, 2026
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function...
Low
Unreviewed
CVE-2026-9498
was published
May 26, 2026
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function...
Low
Unreviewed
CVE-2026-8740
was published
May 17, 2026
dssrf: every IPv6 category bypasses is_url_safe
High
CVE-2026-44232
was published
for
dssrf
(npm)
May 6, 2026
netfoil's optional seccomp sandboxing was not applied
Moderate
GHSA-vjgj-42f6-7997
was published
for
github.com/tinfoil-factory/netfoil
(Go)
Apr 29, 2026
AstrBot has Incomplete Filtering of Special Elements
Low
CVE-2026-6984
was published
for
AstrBot
(pip)
Apr 25, 2026
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects...
Moderate
Unreviewed
CVE-2026-5987
was published
Apr 10, 2026
PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py
Low
CVE-2026-5559
was published
for
pyblade
(pip)
Apr 5, 2026
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the...
Moderate
Unreviewed
CVE-2026-3725
was published
Mar 8, 2026
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save...
Moderate
Unreviewed
CVE-2026-3714
was published
Mar 8, 2026
datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
Low
CVE-2026-2969
was published
for
datapizza-ai-core
(pip)
Feb 23, 2026
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an...
Moderate
Unreviewed
CVE-2025-14731
was published
Dec 16, 2025
HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is...
Moderate
Unreviewed
CVE-2025-59303
was published
Oct 8, 2025
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the...
Moderate
Unreviewed
CVE-2025-9094
was published
Aug 18, 2025
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has...
Moderate
Unreviewed
CVE-2025-6761
was published
Jun 27, 2025
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
Low
CVE-2025-6518
was published
for
pyspur
(pip)
Jun 23, 2025
AngularJS Incomplete Filtering of Special Elements vulnerability
Moderate
CVE-2025-2336
was published
for
angular-sanitize
(npm)
Jun 4, 2025
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower...
Critical
Unreviewed
CVE-2025-0324
was published
Jun 2, 2025
A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform...
Moderate
Unreviewed
CVE-2025-5325
was published
May 29, 2025
AngularJS improperly sanitizes SVG elements
Low
CVE-2025-0716
was published
for
angular
(npm)
Apr 29, 2025
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to...
Moderate
Unreviewed
CVE-2025-3841
was published
Apr 21, 2025
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R...
High
Unreviewed
CVE-2024-45481
was published
Mar 25, 2025
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected...
Moderate
Unreviewed
CVE-2025-2040
was published
Mar 6, 2025
An unauthenticated attacker can create a malicious link which they can make publicly available....
High
Unreviewed
CVE-2024-47590
was published
Nov 12, 2024
AngularJS allows attackers to bypass common image source restrictions
Low
CVE-2024-8373
was published
for
angular
(npm)
Sep 9, 2024
ProTip!
Advisories are also available from the
GraphQL API