Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,971
NuGet
713
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,533 advisories

Loading
man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the... High Unreviewed
CVE-2024-9016 was published Mar 20, 2025
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev... High Unreviewed
CVE-2024-9880 was published Mar 20, 2025
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update... High Unreviewed
CVE-2024-9439 was published Mar 20, 2025
A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a... High Unreviewed
CVE-2025-0185 was published Mar 20, 2025
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute... High Unreviewed
CVE-2025-29807 was published Mar 21, 2025
The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-2303 was published Mar 22, 2025
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare )... High Unreviewed
CVE-2025-2787 was published Mar 26, 2025
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2025-2803 was published Mar 29, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS... High Unreviewed
CVE-2025-24243 was published Apr 1, 2025
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject... High Unreviewed
CVE-2024-45198 was published Apr 3, 2025
insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can... High Unreviewed
CVE-2024-45199 was published Apr 3, 2025
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to... High Unreviewed
CVE-2025-23186 was published Apr 8, 2025
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-2809 was published Apr 10, 2025
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-2805 was published Apr 10, 2025
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux)... High Unreviewed
CVE-2024-13861 was published Apr 11, 2025
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and... High Unreviewed
CVE-2023-42875 was published Apr 11, 2025
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability... High Unreviewed
CVE-2025-29281 was published Apr 15, 2025
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron... High Unreviewed
CVE-2024-50960 was published Apr 15, 2025
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2... High Unreviewed
CVE-2024-53303 was published Apr 16, 2025
Phoneservice module is affected by code injection vulnerability, successful exploitation of this... High Unreviewed
CVE-2025-1532 was published Apr 17, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real... High Unreviewed
CVE-2025-32596 was published Apr 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... High Unreviewed
CVE-2025-29039 was published Apr 17, 2025
Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. High Unreviewed
CVE-2025-29661 was published Apr 17, 2025
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database