GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,833
Composer 5,055
Erlang 39
GitHub Actions 38
Go 2,685
Maven 6,134
npm 4,318
NuGet 760
pip 4,092
Pub 12
RubyGems 958
Rust 1,063
Swift 45

Unreviewed advisories

All unreviewed 278,430

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

710 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions... Critical Unreviewed

CVE-2025-6389 was published Nov 25, 2025

An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed

CVE-2025-34046 was published Jun 26, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy... Critical Unreviewed

CVE-2025-49372 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque... Critical Unreviewed

CVE-2025-62023 was published Oct 22, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget... Critical Unreviewed

CVE-2025-32222 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic... Critical Unreviewed

CVE-2025-47588 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid... Critical Unreviewed

CVE-2025-62959 was published Oct 27, 2025

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over... Critical Unreviewed

CVE-2025-3115 was published Apr 9, 2025

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in... Critical Unreviewed

CVE-2025-12813 was published Nov 11, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed

CVE-2025-42887 was published Nov 11, 2025

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a... Critical Unreviewed

CVE-2020-36870 was published Nov 8, 2025

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where... Critical Unreviewed

CVE-2025-34277 was published Oct 31, 2025

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute... Critical Unreviewed

CVE-2024-30923 was published Apr 18, 2024

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. Critical Unreviewed

CVE-2025-50739 was published Oct 30, 2025

An administrator with restricted permissions can exploit the script execution functionality... Critical Unreviewed

CVE-2024-22116 was published Aug 12, 2024

A mismatch between allocator and deallocator could have lead to memory corruption. This... Critical Unreviewed

CVE-2024-6602 was published Jul 9, 2024

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27678 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27657 was published Mar 5, 2025

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at... Critical Unreviewed

CVE-2024-53920 was published Nov 27, 2024

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an... Critical Unreviewed

CVE-2025-1011 was published Feb 4, 2025

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute... Critical Unreviewed

CVE-2023-36177 was published Jan 24, 2024

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise... Critical Unreviewed

CVE-2014-5401 was published May 13, 2022

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or... Critical Unreviewed

CVE-2014-6287 was published May 13, 2022

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed

CVE-2024-23692 was published May 31, 2024

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in... Critical Unreviewed

CVE-2023-29492 was published Apr 11, 2023

Previous1…29 Next

Previous 1 2 3 4 5 … 28 29 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

710 advisories