Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,765 advisories

Loading
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE... Moderate Unreviewed
CVE-2025-54466 was published Aug 15, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS... Moderate Unreviewed
CVE-2025-7961 was published Aug 15, 2025
The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-8105 was published Aug 16, 2025
The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &... Moderate Unreviewed
CVE-2025-8878 was published Aug 16, 2025
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to... Critical Unreviewed
CVE-2025-8723 was published Aug 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom... High Unreviewed
CVE-2025-30975 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine... Critical Unreviewed
CVE-2025-48169 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS... Critical Unreviewed
CVE-2025-53577 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... Moderate Unreviewed
CVE-2025-54019 was published Aug 20, 2025
Spree Commerce is vulnerable to RCE through Search API Critical
CVE-2011-10026 was published for rd_searchlogic (RubyGems) Aug 20, 2025
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed... High Unreviewed
CVE-2010-20120 was published Aug 21, 2025
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated... Critical Unreviewed
CVE-2024-52786 was published Aug 22, 2025
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield... Critical Unreviewed
CVE-2022-31491 was published Aug 22, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
Credited to singetu0096
Delta Electronics COMMGR has Code Injection vulnerability. High Unreviewed
CVE-2025-53419 was published Aug 26, 2025
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text... High Unreviewed
CVE-2025-52218 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services... High Unreviewed
CVE-2025-23312 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where... High Unreviewed
CVE-2025-23313 was published Aug 26, 2025
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by... High Unreviewed
CVE-2025-23307 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where... High Unreviewed
CVE-2025-23314 was published Aug 26, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy... High Unreviewed
CVE-2025-23315 was published Aug 26, 2025
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is... Critical Unreviewed
CVE-2025-30055 was published Aug 27, 2025
In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code... Critical Unreviewed
CVE-2025-2313 was published Aug 27, 2025
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command... Critical Unreviewed
CVE-2025-30057 was published Aug 27, 2025
The RunCommand function accepts any parameter, which is then passed for execution in the shell.... Critical Unreviewed
CVE-2025-30056 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database