Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,200 advisories

Loading
The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution... Moderate Unreviewed
CVE-2024-12415 was published Jan 31, 2025
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by... Critical Unreviewed
CVE-2024-57099 was published Feb 3, 2025
Improper control of generation of code in the sourcerer extension for Joomla in versions before... Critical Unreviewed
CVE-2025-22204 was published Feb 4, 2025
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an... Critical Unreviewed
CVE-2025-1011 was published Feb 4, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page... Critical Unreviewed
CVE-2025-24677 was published Feb 4, 2025
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote... High Unreviewed
CVE-2025-25246 was published Feb 5, 2025
Plenti - Code Injection - Denial of Services Moderate
CVE-2025-26260 was published for github.com/plentico/plenti (Go) Feb 5, 2025
ahmetak4n
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run... High Unreviewed
CVE-2024-13487 was published Feb 6, 2025
An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2024-57609 was published Feb 7, 2025
An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute... Moderate Unreviewed
CVE-2024-55241 was published Feb 7, 2025
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and... Critical Unreviewed
CVE-2024-57707 was published Feb 7, 2025
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2024-7425 was published Feb 7, 2025
The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions... High Unreviewed
CVE-2024-7419 was published Feb 7, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS... High Unreviewed
CVE-2024-27859 was published Feb 10, 2025
PandasAI interactive prompt function Remote Code Execution (RCE) Critical
CVE-2024-12366 was published for pandasai (pip) Feb 11, 2025
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before... Critical Unreviewed
CVE-2024-10644 was published Feb 11, 2025
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to... Moderate Unreviewed
CVE-2024-33469 was published Feb 12, 2025
Withdrawn Advisory: Command injection in Ray Critical
CVE-2024-57000 was published for ray (pip) Feb 12, 2025 withdrawn
The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13814 was published Feb 12, 2025
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516... Moderate Unreviewed
CVE-2024-51122 was published Feb 13, 2025
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2024-13345 was published Feb 13, 2025
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13346 was published Feb 13, 2025
JSONPath Plus allows Remote Code Execution High
CVE-2025-1302 was published for jsonpath-plus (npm) Feb 15, 2025
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13797 was published Feb 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database