Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

991 advisories

Loading
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that... Critical Unreviewed
CVE-2025-34077 was published Jul 9, 2025
Insufficient security mechanisms for created containers in educoder challenges v1.0 allow... Critical Unreviewed
CVE-2025-45479 was published Jul 7, 2025
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This... Critical Unreviewed
CVE-2025-42967 was published Jul 8, 2025
Remote attackers can execute arbitrary code in the context of the vulnerable service process. Critical Unreviewed
CVE-2025-5333 was published Jul 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy... Critical Unreviewed
CVE-2025-49302 was published Jul 4, 2025
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote... Critical Unreviewed
CVE-2025-34089 was published Jul 3, 2025
A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2025-34061 was published Jul 3, 2025
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface... Critical Unreviewed
CVE-2025-34074 was published Jul 2, 2025
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0... Critical Unreviewed
CVE-2025-37099 was published Jul 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom... Critical Unreviewed
CVE-2025-49029 was published Jul 1, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed
CVE-2025-34046 was published Jun 26, 2025
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-37743 was published Jun 24, 2025
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection')... Critical Unreviewed
CVE-2024-47208 was published Nov 18, 2024
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... Critical Unreviewed
CVE-2025-23121 was published Jun 19, 2025
On a client with a non-admin user, a script can be integrated into a report. The reports could... Critical Unreviewed
CVE-2025-6512 was published Jun 23, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
Credited to azimoff337
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings... Critical Unreviewed
CVE-2025-47916 was published May 16, 2025
xunruicms <=4.5.1 is vulnerable to Remote Code Execution. Critical Unreviewed
CVE-2021-38243 was published Sep 27, 2023
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result... Critical Unreviewed
CVE-2025-32106 was published Jun 3, 2025
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS... Critical Unreviewed
CVE-2025-28386 was published Jun 13, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute... Critical Unreviewed
CVE-2023-50488 was published Feb 2, 2024
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote... Critical Unreviewed
CVE-2022-45699 was published Feb 10, 2023
Remote code execution that allows unauthorized users to execute arbitrary code on the server... Critical Unreviewed
CVE-2025-29902 was published Jun 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database