Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,533 advisories

Loading
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2025-2803 was published Mar 29, 2025
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare )... High Unreviewed
CVE-2025-2787 was published Mar 26, 2025
The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-2303 was published Mar 22, 2025
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute... High Unreviewed
CVE-2025-29807 was published Mar 21, 2025
A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a... High Unreviewed
CVE-2025-0185 was published Mar 20, 2025
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev... High Unreviewed
CVE-2024-9880 was published Mar 20, 2025
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update... High Unreviewed
CVE-2024-9439 was published Mar 20, 2025
man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the... High Unreviewed
CVE-2024-9016 was published Mar 20, 2025
A command injection vulnerability exists in the workflow-checker.yml workflow of significant... High Unreviewed
CVE-2024-8156 was published Mar 20, 2025
LoLLMS Code Injection vulnerability High
CVE-2024-6982 was published for lollms (pip) Mar 20, 2025
In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code... High Unreviewed
CVE-2024-10950 was published Mar 20, 2025
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF... High Unreviewed
CVE-2024-10252 was published Mar 20, 2025
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR... High Unreviewed
CVE-2024-21760 was published Mar 18, 2025
The Automation Scripting functionality can be exploited by attackers to run arbitrary system... High Unreviewed
CVE-2024-54448 was published Mar 14, 2025
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for... High Unreviewed
CVE-2025-1119 was published Mar 13, 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading High
CVE-2025-1550 was published for keras (pip) Mar 11, 2025
io-no
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the... High Unreviewed
CVE-2025-25680 was published Mar 11, 2025
Duplicate Advisory: Keras arbitrary code execution vulnerability High
GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 withdrawn
The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-2169 was published Mar 11, 2025
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up... High Unreviewed
CVE-2024-13890 was published Mar 8, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported... High Unreviewed
CVE-2024-53693 was published Mar 7, 2025
Spacy-LLM Server-Side Template Injection (SSTI) vulnerability High
CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025
GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE)... High Unreviewed
CVE-2025-26264 was published Feb 28, 2025
The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution... High Unreviewed
CVE-2025-1509 was published Feb 22, 2025
The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-1510 was published Feb 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database