GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
Trivy Action has a script injection via sourced env file in composite action
Moderate
CVE-2026-26189
was published
for
aquasecurity/trivy-action
(GitHub Actions)
Feb 18, 2026
Laravel framework susceptible to reflected cross-site scripting
Moderate
CVE-2024-13918
was published
for
laravel/framework
(Composer)
Mar 10, 2025
SnakeYaml Constructor Deserialization Remote Code Execution
High
CVE-2022-1471
was published
for
org.yaml:snakeyaml
(Maven)
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API