GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,801
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,202
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47

Unreviewed advisories
All unreviewed: 5,000+

4,813 advisories
nest allows a remote attacker to execute arbitrary code via the Content-Type header
Moderate. CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025.
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open...
Critical, Unreviewed. CVE-2025-3579 was published Apr 15, 2025.
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a...
Critical, Unreviewed. CVE-2025-28146 was published Apr 4, 2025.
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability...
High, Unreviewed. CVE-2025-29281 was published Apr 15, 2025.
A file with a long filename could have had its filename truncated to remove the valid extension,...
High, Unreviewed. CVE-2022-46874 was published Dec 22, 2022.
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with...
High, Unreviewed. CVE-2022-3033 was published Dec 22, 2022.
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded...
Critical, Unreviewed. CVE-2025-3114 was published Apr 9, 2025.
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows...
Critical, Unreviewed. CVE-2024-29500 was published Apr 10, 2024.
Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up...
Moderate, Unreviewed. CVE-2025-26996 was published Apr 16, 2025.
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting...
High, Unreviewed. CVE-2022-22756 was published Dec 22, 2022.
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron...
High, Unreviewed. CVE-2024-50960 was published Apr 15, 2025.
Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and...
Moderate, Unreviewed. CVE-2022-43486 was published Dec 19, 2022.
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in...
High, Unreviewed. CVE-2022-45942 was published Dec 20, 2022.
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2...
High, Unreviewed. CVE-2024-53303 was published Apr 16, 2025.
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post...
Critical, Unreviewed. CVE-2025-32583 was published Apr 17, 2025.
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real...
High, Unreviewed. CVE-2025-32596 was published Apr 17, 2025.
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted,...
Critical, Unreviewed. CVE-2021-22646 was published Jul 29, 2022.
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0...
Critical, Unreviewed. CVE-2025-1568 was published Apr 17, 2025.
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute...
Critical, Unreviewed. CVE-2025-26014 was published Feb 21, 2025.
Phoneservice module is affected by code injection vulnerability, successful exploitation of this...
High, Unreviewed. CVE-2025-1532 was published Apr 17, 2025.
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the...
High, Unreviewed. CVE-2025-29039 was published Apr 17, 2025.
Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.
High, Unreviewed. CVE-2025-29661 was published Apr 17, 2025.
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command...
Critical, Unreviewed. CVE-2023-51018 was published Dec 22, 2023.
A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated...
Critical, Unreviewed. CVE-2025-29662 was published Apr 17, 2025.
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute...
Critical, Unreviewed. CVE-2016-6175 was published May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.