Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,470 advisories

Loading
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron... High Unreviewed
CVE-2024-50960 was published Apr 15, 2025
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability... High Unreviewed
CVE-2025-29281 was published Apr 15, 2025
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open... Critical Unreviewed
CVE-2025-3579 was published Apr 15, 2025
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly... Critical Unreviewed
CVE-2025-1782 was published Apr 14, 2025
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue... Moderate Unreviewed
CVE-2025-3563 was published Apr 14, 2025
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and... High Unreviewed
CVE-2023-42875 was published Apr 11, 2025
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for... Moderate Unreviewed
CVE-2025-3422 was published Apr 11, 2025
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux)... High Unreviewed
CVE-2024-13861 was published Apr 11, 2025
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-2805 was published Apr 10, 2025
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2025-2809 was published Apr 10, 2025
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over... Critical Unreviewed
CVE-2025-3115 was published Apr 9, 2025
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded... Critical Unreviewed
CVE-2025-3114 was published Apr 9, 2025
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-31330 was published Apr 8, 2025
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to... High Unreviewed
CVE-2025-23186 was published Apr 8, 2025
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-27429 was published Apr 8, 2025
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function... Moderate Unreviewed
CVE-2025-30013 was published Apr 8, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a... Critical Unreviewed
CVE-2025-28146 was published Apr 4, 2025
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all... Critical Unreviewed
CVE-2024-13645 was published Apr 4, 2025
insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can... High Unreviewed
CVE-2024-45199 was published Apr 3, 2025
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject... High Unreviewed
CVE-2024-45198 was published Apr 3, 2025
Netwrix Password Secure through 9.2 allows command injection. Critical Unreviewed
CVE-2025-26818 was published Apr 3, 2025
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-29064 was published Apr 3, 2025
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been... Moderate Unreviewed
CVE-2025-3164 was published Apr 3, 2025
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database