Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,710 advisories

Loading
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to,... High Unreviewed
CVE-2025-9517 was published Sep 4, 2025
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to,... High Unreviewed
CVE-2025-9519 was published Sep 4, 2025
Electron has ASAR Integrity Bypass via resource modification Moderate
CVE-2025-55305 was published for electron (npm) Sep 3, 2025
dariushoule
Credited to dariushoule
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning High
GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm) Sep 3, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube... High Unreviewed
CVE-2025-54731 was published Aug 28, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy... Critical Unreviewed
CVE-2025-48100 was published Aug 28, 2025
lychee link checking action affected by arbitrary code injection in composite action Moderate
CVE-2024-48908 was published for lycheeverse/lychee-action (GitHub Actions) Aug 28, 2025
mondeja
Credited to mondeja
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18... Moderate Unreviewed
CVE-2025-5101 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
The RunCommand function accepts any parameter, which is then passed for execution in the shell.... Critical Unreviewed
CVE-2025-30056 was published Aug 27, 2025
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command... Critical Unreviewed
CVE-2025-30057 was published Aug 27, 2025
In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code... Critical Unreviewed
CVE-2025-2313 was published Aug 27, 2025
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is... Critical Unreviewed
CVE-2025-30055 was published Aug 27, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where... High Unreviewed
CVE-2025-23314 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy... High Unreviewed
CVE-2025-23315 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services... High Unreviewed
CVE-2025-23312 was published Aug 26, 2025
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by... High Unreviewed
CVE-2025-23307 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where... High Unreviewed
CVE-2025-23313 was published Aug 26, 2025
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text... High Unreviewed
CVE-2025-52218 was published Aug 26, 2025
Delta Electronics COMMGR has Code Injection vulnerability. High Unreviewed
CVE-2025-53419 was published Aug 26, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
Credited to singetu0096
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield... Critical Unreviewed
CVE-2022-31491 was published Aug 22, 2025
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated... Critical Unreviewed
CVE-2024-52786 was published Aug 22, 2025
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed... High Unreviewed
CVE-2010-20120 was published Aug 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database