GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,801
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,202
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
731 advisories
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python...
Critical | Unreviewed | CVE-2025-54322 was published Dec 27, 2025
JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 ...
Critical | Unreviewed | CVE-2025-66848 was published Dec 30, 2025
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
Critical | Unreviewed | CVE-2020-36875 was published Jan 9, 2026
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user...
Critical | Unreviewed | CVE-2025-66913 was published Jan 8, 2026
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job...
Critical | Unreviewed | CVE-2025-66916 was published Jan 8, 2026
A remote code execution issue exists in HPE OneView.
Critical | Unreviewed | CVE-2025-37164 was published Dec 16, 2025
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89...
Critical | Unreviewed | CVE-2025-66438 was published Dec 15, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF...
Critical | Unreviewed | CVE-2025-68897 was published Dec 29, 2025
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote...
Critical | Unreviewed | CVE-2025-13773 was published Dec 24, 2025
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text...
Critical | Unreviewed | CVE-2025-66434 was published Dec 15, 2025
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary...
Critical | Unreviewed | CVE-2025-63665 was published Dec 19, 2025
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution...
Critical | Unreviewed | CVE-2025-34433 was published Dec 19, 2025
Improper control of generation of code ('code injection') in Azure Container Apps allows an...
Critical | Unreviewed | CVE-2025-65037 was published Dec 19, 2025
A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows...
Critical | Unreviewed | CVE-2025-65602 was published Dec 10, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel...
Critical | Unreviewed | CVE-2025-66078 was published Dec 18, 2025
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused...
Critical | Unreviewed | CVE-2025-46295 was published Dec 16, 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <...
Critical | Unreviewed | CVE-2025-14324 was published Dec 9, 2025
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025...
Critical | Unreviewed | CVE-2025-65294 was published Dec 11, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical | Unreviewed | CVE-2025-42880 was published Dec 9, 2025
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution...
Critical | Unreviewed | CVE-2025-13486 was published Dec 3, 2025
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute...
Critical | Unreviewed | CVE-2025-13658 was published Dec 2, 2025
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions...
Critical | Unreviewed | CVE-2025-6389 was published Nov 25, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management...
Critical | Unreviewed | CVE-2025-34046 was published Jun 26, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy...
Critical | Unreviewed | CVE-2025-49372 was published Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque...
Critical | Unreviewed | CVE-2025-62023 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API.