Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11938 was published Oct 19, 2025
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-11497 was published Oct 25, 2025
Synapse vulnerable to federation denial of service via malformed events High
CVE-2025-30355 was published for matrix-synapse (pip) Mar 27, 2025
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that... High Unreviewed
CVE-2025-60938 was published Oct 24, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
Credited to petersutter, kon-angelo, hebelsan, JordanJordanov, and donistz
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could... High Unreviewed
CVE-2024-6436 was published Sep 27, 2024
Code injection in Apache Struts Critical
CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Apache Struts Remote Java Code Execution Critical
CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in Apache Struts High
CVE-2006-1547 was published for struts:struts (Maven) May 1, 2022
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ppkarwasz
Credited to ppkarwasz
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server... Moderate Unreviewed
CVE-2025-11958 was published Oct 22, 2025
SaltStack Salt is vulnerable Arbitrary Directory Access High
CVE-2020-11652 was published for salt (pip) May 24, 2022
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Improper Input Validation in Apache ActiveMQ Critical
CVE-2016-3088 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Credited to sunSUNQ
Code execution in Apache Struts 1 plugin Critical
CVE-2017-9791 was published for org.apache.struts:struts2-struts1-plugin (Maven) May 13, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation High
CVE-2018-11776 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
Credited to sunSUNQ
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
ota42y Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,... High Unreviewed
CVE-2014-4114 was published May 14, 2022
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... High Unreviewed
CVE-2013-3900 was published May 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database