GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
4,760 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last... | High | Unreviewed | CVE-2025-52756 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid... | Critical | Unreviewed | CVE-2025-62959 was published Oct 27, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic... | Critical | Unreviewed | CVE-2025-47588 was published Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget... | Critical | Unreviewed | CVE-2025-32222 was published Nov 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium... | High | Unreviewed | CVE-2025-49926 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... | High | Unreviewed | CVE-2025-60206 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque... | Critical | Unreviewed | CVE-2025-62023 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy... | Critical | Unreviewed | CVE-2025-49372 was published Nov 6, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode | Critical | CVE-2025-12762 was published for pgadmin4 (pip) Nov 13, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed | High | CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... | Critical | Unreviewed | CVE-2025-34046 was published Jun 26, 2025
The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is... | Moderate | Unreviewed | CVE-2025-7711 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... | High | Unreviewed | CVE-2025-33184 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... | High | Unreviewed | CVE-2025-33183 was published Nov 18, 2025
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,... | High | Unreviewed | CVE-2025-13035 was published Nov 19, 2025
The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks... | Moderate | Unreviewed | CVE-2025-63693 was published Nov 18, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... | High | Unreviewed | CVE-2025-10703 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... | High | Unreviewed | CVE-2025-10702 was published Nov 19, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | High | Unreviewed | CVE-2025-59251 was published Sep 24, 2025
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions... | Critical | Unreviewed | CVE-2025-6389 was published Nov 25, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components,... | High | Unreviewed | CVE-2025-33204 was published Nov 25, 2025
The Developer Tools feature suffers from a XUL injection vulnerability due to improper... | High | Unreviewed | CVE-2017-7798 was published May 14, 2022
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter | Critical | CVE-2025-65108 was published for md-to-pdf (npm) Nov 20, 2025
REDAXO CMS is vulnerable to RCE attack through its template management component | High | CVE-2025-64050 was published for redaxo/source (Composer) Nov 25, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI | Moderate | CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025