Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,514 advisories

Loading
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache... High Unreviewed
CVE-2025-28993 was published Jun 27, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23265 was published Jun 26, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23264 was published Jun 26, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed
CVE-2025-34046 was published Jun 26, 2025
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-37743 was published Jun 24, 2025
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-48978 was published Jun 23, 2025
On a client with a non-admin user, a script can be integrated into a report. The reports could... Critical Unreviewed
CVE-2025-6512 was published Jun 23, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary... Moderate Unreviewed
CVE-2025-24287 was published Jun 19, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... Critical Unreviewed
CVE-2025-23121 was published Jun 19, 2025
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a... High Unreviewed
CVE-2025-5309 was published Jun 16, 2025
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is... Moderate Unreviewed
CVE-2025-6101 was published Jun 16, 2025
XWiki allows remote code execution through default value of wiki macro wiki-type parameters High
CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS... Critical Unreviewed
CVE-2025-28386 was published Jun 13, 2025
Remote code execution that allows unauthorized users to execute arbitrary code on the server... Critical Unreviewed
CVE-2025-29902 was published Jun 13, 2025
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was... Critical Unreviewed
CVE-2025-30085 was published Jun 11, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi... Critical Unreviewed
CVE-2025-48140 was published Jun 9, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering... Critical Unreviewed
CVE-2025-48123 was published Jun 9, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase... Moderate Unreviewed
CVE-2025-49250 was published Jun 6, 2025
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability... Moderate Unreviewed
CVE-2025-41362 was published Jun 6, 2025
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability... Moderate Unreviewed
CVE-2025-41365 was published Jun 6, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language Moderate
CVE-2025-35036 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 3, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... High Unreviewed
CVE-2025-25021 was published Jun 3, 2025
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result... Critical Unreviewed
CVE-2025-32106 was published Jun 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database