GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,766 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Tareq Hasan WP User...
Moderate • Unreviewed • CVE-2025-58673 was published Sep 22, 2025

Flowise has Remote Code Execution vulnerability
Critical • CVE-2025-59528 was published for flowise (npm) Sep 15, 2025

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and...
Critical • Unreviewed • CVE-2025-9321 was published Sep 23, 2025

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due...
Moderate • Unreviewed • CVE-2025-5717 was published Sep 23, 2025

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component,...
High • Unreviewed • CVE-2025-23304 was published Aug 13, 2025

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its...
Critical • Unreviewed • CVE-2011-10019 was published Aug 13, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where...
High • Unreviewed • CVE-2025-23348 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq...
High • Unreviewed • CVE-2025-23349 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script...
High • Unreviewed • CVE-2025-23354 was published Sep 24, 2025

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script...
High • Unreviewed • CVE-2025-23353 was published Sep 24, 2025

Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
High • CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce...
Moderate • Unreviewed • CVE-2025-60114 was published Sep 26, 2025

XWiki Platform: Remote code execution as guest via DatabaseSearch
Critical • CVE-2024-31982 was published for org.xwiki.platform:xwiki-platform-search-ui (Maven) Apr 10, 2024

MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
High • CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025

Code injection in Apache Ant
High • CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021

j178/prek-action vulnerable to arbitrary code injection in composite action
Critical • GHSA-pwf7-47c3-mfhx was published for j178/prek-action (GitHub Actions) Sep 29, 2025

Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible...
Critical • Unreviewed • CVE-2024-1297 was published Feb 20, 2024

This vulnerability affects Firefox < 143.0.3.
High • Unreviewed • CVE-2025-11153 was published Sep 30, 2025

An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP...
High • Unreviewed • CVE-2024-44757 was published Nov 18, 2024

Dolibarr vulnerable to RCE via the computed field parameter
High • CVE-2025-56588 was published for dolibarr/dolibarr (Composer) Oct 1, 2025

risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`
Critical • CVE-2025-61588 was published for risc0-aggregation (Rust) Oct 1, 2025

Claude Code can execute commands prior to the startup trust dialog
High • CVE-2025-59536 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025

A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown...
Moderate • Unreviewed • CVE-2025-10993 was published Sep 26, 2025

Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection
Critical • GHSA-q4xx-mc3q-23x8 was published for flowise (npm) Aug 14, 2025 • withdrawn