Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,247 advisories

Loading
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could... High Unreviewed
CVE-2025-50123 was published Jul 11, 2025
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows... High Unreviewed
CVE-2025-49704 was published Jul 8, 2025
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an... High Unreviewed
CVE-2025-47988 was published Jul 8, 2025
The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-6744 was published Jul 8, 2025
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a... High Unreviewed
CVE-2025-36014 was published Jul 7, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-52718 was published Jul 4, 2025
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when... High Unreviewed
CVE-2025-34079 was published Jul 2, 2025
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git... High Unreviewed
CVE-2025-49521 was published Jun 30, 2025
This vulnerability allows network-adjacent attackers to create arbitrary files on affected... High Unreviewed
CVE-2024-23929 was published Jan 31, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache... High Unreviewed
CVE-2025-28993 was published Jun 27, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23265 was published Jun 26, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23264 was published Jun 26, 2025
Windows WebBrowser Control Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-30194 was published Aug 10, 2022
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022... High Unreviewed
CVE-2022-30175 was published Aug 10, 2022
An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a... High Unreviewed
CVE-2022-44794 was published Nov 7, 2022
This issue was addressed by forcing hardened runtime on the affected binaries at the system level... High Unreviewed
CVE-2023-32383 was published Jan 11, 2024
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2025-3509 was published Apr 18, 2025
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a... High Unreviewed
CVE-2025-5309 was published Jun 16, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... High Unreviewed
CVE-2025-25021 was published Jun 3, 2025
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2024-32358 was published Apr 25, 2024
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022... High Unreviewed
CVE-2022-35773 was published Aug 10, 2022
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID... High Unreviewed
CVE-2022-34714 was published Aug 10, 2022
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID... High Unreviewed
CVE-2022-35767 was published Aug 10, 2022
Kea configuration and API directives can be used to load a malicious hook library. Many common... High Unreviewed
CVE-2025-32801 was published May 28, 2025
A potential local adjacent arbitrary code execution vulnerability that could potentially lead to... High Unreviewed
CVE-2022-28640 was published Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database