Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,769 advisories

Loading
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface... Critical Unreviewed
CVE-2025-34074 was published Jul 2, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0... Critical Unreviewed
CVE-2025-37099 was published Jul 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom... Critical Unreviewed
CVE-2025-49029 was published Jul 1, 2025
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git... High Unreviewed
CVE-2025-49521 was published Jun 30, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
Credited to LianKee
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache... High Unreviewed
CVE-2025-28993 was published Jun 27, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23265 was published Jun 26, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23264 was published Jun 26, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed
CVE-2025-34046 was published Jun 26, 2025
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-37743 was published Jun 24, 2025
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-48978 was published Jun 23, 2025
On a client with a non-admin user, a script can be integrated into a report. The reports could... Critical Unreviewed
CVE-2025-6512 was published Jun 23, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
Credited to azimoff337
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary... Moderate Unreviewed
CVE-2025-24287 was published Jun 19, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... Critical Unreviewed
CVE-2025-23121 was published Jun 19, 2025
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
Credited to chximn-dt
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a... High Unreviewed
CVE-2025-5309 was published Jun 16, 2025
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is... Moderate Unreviewed
CVE-2025-6101 was published Jun 16, 2025
XWiki allows remote code execution through default value of wiki macro wiki-type parameters High
CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS... Critical Unreviewed
CVE-2025-28386 was published Jun 13, 2025
Remote code execution that allows unauthorized users to execute arbitrary code on the server... Critical Unreviewed
CVE-2025-29902 was published Jun 13, 2025
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was... Critical Unreviewed
CVE-2025-30085 was published Jun 11, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi... Critical Unreviewed
CVE-2025-48140 was published Jun 9, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering... Critical Unreviewed
CVE-2025-48123 was published Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database