GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,950
Maven: 5,000+
npm: 4,596
NuGet: 787
pip: 4,301
Pub: 12
RubyGems: 982
Rust: 1,121
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
747 advisories
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via...
Critical
Unreviewed
CVE-2025-70073 was published Feb 5, 2026
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows...
Critical
Unreviewed
CVE-2020-37052 was published Jan 31, 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical
Unreviewed
CVE-2026-1281 was published Jan 30, 2026
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated...
Critical
Unreviewed
CVE-2026-1340 was published Jan 30, 2026
An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute...
Critical
Unreviewed
CVE-2025-69517 was published Jan 28, 2026
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser...
Critical
Unreviewed
CVE-2025-69564 was published Jan 27, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233...
Critical
Unreviewed
CVE-2026-24871 was published Jan 27, 2026
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows...
Critical
Unreviewed
CVE-2026-0768 was published Jan 23, 2026
Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution...
Critical
Unreviewed
CVE-2026-0761 was published Jan 23, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event...
Critical
Unreviewed
CVE-2025-68015 was published Jan 22, 2026
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio...
Critical
Unreviewed
CVE-2025-67944 was published Jan 22, 2026
ipTIME routers A2003NS-MU 10.00.6 to 12.16.2, N600 10.00.8 to 12.16.2, A604-V3 10.01.6 to 10.07...
Critical
Unreviewed
CVE-2025-55423 was published Jan 20, 2026
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code...
Critical
Unreviewed
CVE-2025-61937 was published Jan 16, 2026
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to...
Critical
Unreviewed
CVE-2025-64691 was published Jan 16, 2026
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a...
Critical
Unreviewed
CVE-2026-0498 was published Jan 13, 2026
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager ...
Critical
Unreviewed
CVE-2026-0500 was published Jan 13, 2026
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability...
Critical
Unreviewed
CVE-2026-0491 was published Jan 13, 2026
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
Critical
Unreviewed
CVE-2020-36875 was published Jan 9, 2026
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job...
Critical
Unreviewed
CVE-2025-66916 was published Jan 8, 2026
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user...
Critical
Unreviewed
CVE-2025-66913 was published Jan 8, 2026
JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 ...
Critical
Unreviewed
CVE-2025-66848 was published Dec 30, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF...
Critical
Unreviewed
CVE-2025-68897 was published Dec 29, 2025
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python...
Critical
Unreviewed
CVE-2025-54322 was published Dec 27, 2025
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote...
Critical
Unreviewed
CVE-2025-13773 was published Dec 24, 2025
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary...
Critical
Unreviewed
CVE-2025-63665 was published Dec 19, 2025
ProTip! Advisories are also available from the GraphQL API.