Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,215 advisories

Loading
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote... High Unreviewed
CVE-2025-25246 was published Feb 5, 2025
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed
CVE-2024-49271 was published Oct 16, 2024
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an... Critical Unreviewed
CVE-2025-1011 was published Feb 4, 2025
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run... High Unreviewed
CVE-2024-13487 was published Feb 6, 2025
JSONPath Plus Remote Code Execution (RCE) Vulnerability Critical
CVE-2024-21534 was published for jsonpath-plus (Maven) Oct 11, 2024
jdong10 RisingZero
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab... Critical Unreviewed
CVE-2021-22205 was published May 24, 2022
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT... Critical Unreviewed
CVE-2015-7450 was published May 17, 2022
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions... High Unreviewed
CVE-2024-7419 was published Feb 7, 2025
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2024-7425 was published Feb 7, 2025
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote... High Unreviewed
CVE-2019-9082 was published May 13, 2022
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape... High Unreviewed
CVE-2023-30638 was published Apr 14, 2023
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to... High Unreviewed
CVE-2017-8759 was published May 14, 2022
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and... Critical Unreviewed
CVE-2024-57707 was published Feb 7, 2025
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9... Critical Unreviewed
CVE-2023-1708 was published Apr 5, 2023
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and... High Unreviewed
CVE-2015-1635 was published May 14, 2022
An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2024-57609 was published Feb 7, 2025
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute... Moderate Unreviewed
CVE-2024-55241 was published Feb 7, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS... High Unreviewed
CVE-2024-27859 was published Feb 10, 2025
An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-27650 was published Apr 10, 2023
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), :... High Unreviewed
CVE-2024-48962 was published Nov 18, 2024
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before... Critical Unreviewed
CVE-2024-10644 was published Feb 11, 2025
Apache MINA Deserialization RCE Vulnerability Critical
CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) Dec 25, 2024
Malayke
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database