GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,470 advisories
A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a...
  High | Unreviewed | CVE-2025-0185 was published Mar 20, 2025
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev...
  High | Unreviewed | CVE-2024-9880 was published Mar 20, 2025
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update...
  High | Unreviewed | CVE-2024-9439 was published Mar 20, 2025
man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the...
  High | Unreviewed | CVE-2024-9016 was published Mar 20, 2025
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an...
  Critical | Unreviewed | CVE-2024-8581 was published Mar 20, 2025
A command injection vulnerability exists in the workflow-checker.yml workflow of significant...
  High | Unreviewed | CVE-2024-8156 was published Mar 20, 2025
In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code...
  High | Unreviewed | CVE-2024-10950 was published Mar 20, 2025
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF...
  High | Unreviewed | CVE-2024-10252 was published Mar 20, 2025
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to...
  Critical | Unreviewed | CVE-2024-57061 was published Mar 19, 2025
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7...
  Critical | Unreviewed | CVE-2025-29401 was published Mar 19, 2025
An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters...
  Critical | Unreviewed | CVE-2024-55551 was published Mar 19, 2025
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR...
  High | Unreviewed | CVE-2024-21760 was published Mar 18, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra...
  Moderate | Unreviewed | CVE-2025-26924 was published Mar 16, 2025
Flowise allows arbitrary file write to RCE
  Critical | GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
nest allows a remote attacker to execute arbitrary code via the Content-Type header
  Moderate | CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
The Automation Scripting functionality can be exploited by attackers to run arbitrary system...
  High | Unreviewed | CVE-2024-54448 was published Mar 14, 2025
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for...
  High | Unreviewed | CVE-2025-1119 was published Mar 13, 2025
graphql allows remote code execution when loading a crafted GraphQL schema
  Critical | CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
Duplicate Advisory: Plenti - Code Injection - Denial of Services
  Moderate | GHSA-323w-6p85-26fr was published for github.com/plentico/plenti (Go) Mar 12, 2025 • withdrawn
Arbitrary Code Execution via Crafted Keras Config for Model Loading
  High | CVE-2025-1550 was published for keras (pip) Mar 11, 2025
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the...
  High | Unreviewed | CVE-2025-25680 was published Mar 11, 2025
Duplicate Advisory: Keras arbitrary code execution vulnerability
  High | GHSA-5478-v2w6-c6q7 was published for keras (pip) Mar 11, 2025 • withdrawn
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to...
  High | Unreviewed | CVE-2025-2169 was published Mar 11, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh...
  Critical | Unreviewed | CVE-2025-26936 was published Mar 10, 2025