GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,117 advisories
An authenticated parameter injection vulnerability exists in the web-based management interface...
Severity: High | Unreviewed | CVE-2025-23051 was published Jan 14, 2025
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts....
Severity: High | Unreviewed | CVE-2023-24539 was published May 11, 2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty...
Severity: High | Unreviewed | CVE-2023-29400 was published May 11, 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote...
Severity: High | Unreviewed | CVE-2022-47879 was published May 12, 2023
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
Severity: High | CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
Severity: Critical | Unreviewed | CVE-2022-47129 was published May 11, 2023
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Severity: Critical | Unreviewed | CVE-2024-23692 was published May 31, 2024
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code...
Severity: Critical | Unreviewed | CVE-2017-7494 was published May 14, 2022
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS...
Severity: High | Unreviewed | CVE-2025-24159 was published Jan 28, 2025
A Local Code Injection Vulnerability exists in the product and version listed above. The...
Severity: High | Unreviewed | CVE-2025-24482 was published Jan 28, 2025
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to...
Severity: Critical | Unreviewed | CVE-2022-3236 was published Sep 25, 2022
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET...
Severity: Critical | Unreviewed | CVE-2023-25717 was published Feb 13, 2023
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the...
Severity: High | Unreviewed | CVE-2023-22952 was published Jan 11, 2023
Remote Code Execution in Spring Framework
Severity: Critical | CVE-2022-22965 was published for org.springframework.boot:spring-boot-starter-web (Maven) Mar 31, 2022
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers...
Severity: High | Unreviewed | CVE-2024-10001 was published Jan 29, 2025
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability...
Severity: High | Unreviewed | CVE-2023-29963 was published May 6, 2023
Apache RocketMQ may have remote code execution vulnerability when using update configuration function
Severity: Critical | CVE-2023-33246 was published for org.apache.rocketmq:rocketmq-broker (Maven) Jul 6, 2023
The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is...
Severity: High | Unreviewed | CVE-2024-13453 was published Jan 30, 2025
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for...
Severity: High | Unreviewed | CVE-2024-11600 was published Jan 30, 2025
Remote Code Execution on click of <a> Link in markdown preview
Severity: High | CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute...
Severity: High | Unreviewed | CVE-2023-26546 was published May 2, 2023
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode...
Severity: High | Unreviewed | CVE-2024-13472 was published Jan 31, 2025
The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution...
Severity: Moderate | Unreviewed | CVE-2024-12415 was published Jan 31, 2025
An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary...
Severity: Critical | Unreviewed | CVE-2023-29861 was published May 15, 2023
A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10...
Severity: High | Unreviewed | CVE-2024-53561 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API