GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,769 advisories
A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an...
Severity: Moderate (Unreviewed). CVE-2025-11344 was published on Oct 6, 2025.

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare)...
Severity: High (Unreviewed). CVE-2025-2787 was published on Mar 26, 2025.

pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Severity: High. CVE-2025-61773 was published for pyload-ng (pip) on Oct 9, 2025.

Happy DOM: VM Context Escape can lead to Remote Code Execution
Severity: Critical. CVE-2025-61927 was published for happy-dom (npm) on Oct 10, 2025.

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do...
Severity: High (Unreviewed). CVE-2014-2378 was published on May 17, 2022.

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript...
Severity: Moderate (Unreviewed). CVE-2025-42901 was published on Oct 14, 2025.

A low privileged remote attacker with an account for the Web-based management can change the...
Severity: High (Unreviewed). CVE-2025-41699 was published on Oct 14, 2025.

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An...
Severity: Critical (Unreviewed). CVE-2025-46581 was published on Oct 14, 2025.

Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics...
Severity: Critical (Unreviewed). CVE-2024-10035 was published on Nov 4, 2024.

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in...
Severity: Moderate (Unreviewed). CVE-2025-31365 was published on Oct 14, 2025.

A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain...
Severity: Critical (Unreviewed). CVE-2025-11548 was published on Oct 14, 2025.

The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Severity: Critical (Unreviewed). CVE-2024-10131 was published on Oct 19, 2024.

In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability...
Severity: High (Unreviewed). CVE-2024-10954 was published on Mar 20, 2025.

A command injection vulnerability exists in the workflow-checker.yml workflow of significant...
Severity: High (Unreviewed). CVE-2024-8156 was published on Mar 20, 2025.

A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an...
Severity: Critical (Unreviewed). CVE-2024-8581 was published on Mar 20, 2025.

h2o vulnerable to unexpected POST request shutting down server
Severity: High. CVE-2024-5979 was published for h2o (pip) on Jun 27, 2024.

H2O Vulnerable to Denial of Service (DoS) and File Write
Severity: High. CVE-2024-10572 was published for ai.h2o:h2o-ext-xgboost (Maven) on Mar 20, 2025.

Kedro allows Remote Code Execution by Pulling Micro Packages
Severity: High. CVE-2024-12215 was published for kedro (pip) on Mar 20, 2025.

LiteLLM Vulnerable to Remote Code Execution (RCE)
Severity: High. CVE-2024-6825 was published for litellm (pip) on Mar 20, 2025.

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects...
Severity: Moderate (Unreviewed). CVE-2025-3842 was published on Apr 21, 2025.

Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Severity: Critical. CVE-2024-47051 was published for mautic/core (Composer) on Feb 26, 2025.

bagisto has Server Side Template Injection (SSTI) in Product Description
Severity: Moderate. CVE-2025-62416 was published for bagisto/bagisto (Composer) on Oct 16, 2025.

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically...
Severity: Critical (Unreviewed). CVE-2025-57567 was published on Oct 17, 2025.

Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution
Severity: Critical. GHSA-3g4j-r53p-22wx was published for flowise (npm) on Oct 17, 2025 (withdrawn).

FlowiseAI Pre-Auth Arbitrary Code Execution
Severity: Critical. CVE-2025-57164 was published for flowise (npm) on Sep 15, 2025.

ProTip! Advisories are also available from the GraphQL API.