Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,969
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,533 advisories

Loading
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a... High Unreviewed
CVE-2025-5309 was published Jun 16, 2025
XWiki allows remote code execution through default value of wiki macro wiki-type parameters High
CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... High Unreviewed
CVE-2025-25021 was published Jun 3, 2025
Kea configuration and API directives can be used to load a malicious hook library. Many common... High Unreviewed
CVE-2025-32801 was published May 28, 2025
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential... High Unreviewed
CVE-2024-13952 was published May 22, 2025
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials... High Unreviewed
CVE-2025-30172 was published May 22, 2025
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database... High Unreviewed
CVE-2024-13928 was published May 22, 2025
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials... High Unreviewed
CVE-2024-9639 was published May 22, 2025
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator... High Unreviewed
CVE-2024-13929 was published May 22, 2025
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges... High Unreviewed
CVE-2025-45753 was published May 21, 2025
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary... High Unreviewed
CVE-2025-45752 was published May 21, 2025
An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate... High Unreviewed
CVE-2025-27998 was published May 21, 2025
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is... High Unreviewed
CVE-2025-3053 was published May 15, 2025
Cosmos EVM Allows Partial Precompile State Writes High
GHSA-mjfq-3qr2-6g84 was published for github.com/cosmos/evm (Go) May 14, 2025
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to... High Unreviewed
CVE-2024-54780 was published May 14, 2025
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on... High Unreviewed
CVE-2025-4428 was published May 13, 2025
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an... High Unreviewed
CVE-2025-43010 was published May 13, 2025
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13793 was published May 8, 2025
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-2802 was published May 6, 2025
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable... High Unreviewed
CVE-2024-13738 was published May 3, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics... High Unreviewed
CVE-2025-2421 was published May 2, 2025
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE... High Unreviewed
CVE-2025-46579 was published Apr 27, 2025
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to... High Unreviewed
CVE-2025-3491 was published Apr 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database