Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,394 advisories

Loading
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real... High Unreviewed
CVE-2025-32596 was published Apr 17, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post... Critical Unreviewed
CVE-2025-32583 was published Apr 17, 2025
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2... High Unreviewed
CVE-2024-53303 was published Apr 16, 2025
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in... High Unreviewed
CVE-2022-45942 was published Dec 20, 2022
Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and... Moderate Unreviewed
CVE-2022-43486 was published Dec 19, 2022
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron... High Unreviewed
CVE-2024-50960 was published Apr 15, 2025
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting... High Unreviewed
CVE-2022-22756 was published Dec 22, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27657 was published Mar 5, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up... Moderate Unreviewed
CVE-2025-26996 was published Apr 16, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27678 was published Mar 5, 2025
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows... Critical Unreviewed
CVE-2024-29500 was published Apr 10, 2024
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded... Critical Unreviewed
CVE-2025-3114 was published Apr 9, 2025
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with... High Unreviewed
CVE-2022-3033 was published Dec 22, 2022
A file with a long filename could have had its filename truncated to remove the valid extension,... High Unreviewed
CVE-2022-46874 was published Dec 22, 2022
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability... High Unreviewed
CVE-2025-29281 was published Apr 15, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a... Critical Unreviewed
CVE-2025-28146 was published Apr 4, 2025
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open... Critical Unreviewed
CVE-2025-3579 was published Apr 15, 2025
nest allows a remote attacker to execute arbitrary code via the Content-Type header Moderate
CVE-2024-29409 was published for @nestjs/common (npm) Mar 14, 2025
aydinnyunus axi92
fperalta-INTIVE
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
phpMyAdmin Code Injection vulnerability Critical
CVE-2016-5734 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly... Critical Unreviewed
CVE-2025-1782 was published Apr 14, 2025
TYPO3 powermail extension has unrestricted file upload vulnerability High
CVE-2014-3947 was published for in2code/powermail (Composer) May 17, 2022
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code High
CVE-2014-3942 was published for typo3/cms (Composer) May 14, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution High
CVE-2013-4321 was published for typo3/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database