Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,765 advisories

Loading
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute... High Unreviewed
CVE-2025-29629 was published Jul 25, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... Critical Unreviewed
CVE-2025-34138 was published Jul 25, 2025
A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform... High Unreviewed
CVE-2025-34114 was published Jul 25, 2025
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe... Critical Unreviewed
CVE-2016-15044 was published Jul 24, 2025
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1... Critical Unreviewed
CVE-2018-25114 was published Jul 23, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics... Critical Unreviewed
CVE-2025-54451 was published Jul 23, 2025
SAP FICA ODN framework allows a high privileged user to inject value inside the local variable... Moderate Unreviewed
CVE-2025-42947 was published Jul 23, 2025
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user... High Unreviewed
CVE-2025-8030 was published Jul 22, 2025
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai... High Unreviewed
CVE-2025-51482 was published Jul 22, 2025
The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all... High Unreviewed
CVE-2025-6213 was published Jul 22, 2025
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file,... Moderate Unreviewed
CVE-2025-0664 was published Jul 21, 2025
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of... Moderate Unreviewed
CVE-2025-46000 was published Jul 18, 2025
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag'... High Unreviewed
CVE-2025-3753 was published Jul 17, 2025
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic'... High Unreviewed
CVE-2024-41148 was published Jul 17, 2025
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic'... High Unreviewed
CVE-2024-41921 was published Jul 17, 2025
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam'... High Unreviewed
CVE-2024-39289 was published Jul 17, 2025
A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch... High Unreviewed
CVE-2024-39835 was published Jul 17, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
remsio-syn worty-syn
Credited to remsio-syn and worty-syn
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. Critical Unreviewed
CVE-2025-53867 was published Jul 17, 2025
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up... Critical Unreviewed
CVE-2025-5396 was published Jul 17, 2025
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx)... High Unreviewed
CVE-2025-34128 was published Jul 17, 2025
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a... Critical Unreviewed
CVE-2025-34127 was published Jul 17, 2025
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS... High Unreviewed
CVE-2025-37105 was published Jul 16, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
Credited to odaysec
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
Credited to renniepak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database