GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,633
Erlang: 34
GitHub Actions: 25
Go: 2,238
Maven: 5,000+
npm: 3,900
NuGet: 701
pip: 3,666
Pub: 12
RubyGems: 914
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,179 advisories
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron...
High | Unreviewed | CVE-2024-50960 was published Apr 15, 2025
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability...
High | Unreviewed | CVE-2025-29281 was published Apr 15, 2025
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and...
High | Unreviewed | CVE-2023-42875 was published Apr 11, 2025
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all...
High | Unreviewed | CVE-2025-2805 was published Apr 10, 2025
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode...
High | Unreviewed | CVE-2025-2809 was published Apr 10, 2025
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to...
High | Unreviewed | CVE-2025-23186 was published Apr 8, 2025
insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can...
High | Unreviewed | CVE-2024-45199 was published Apr 3, 2025
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject...
High | Unreviewed | CVE-2024-45198 was published Apr 3, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS...
High | Unreviewed | CVE-2025-24243 was published Apr 1, 2025
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in...
High | Unreviewed | CVE-2025-2803 was published Mar 29, 2025
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare)...
High | Unreviewed | CVE-2025-2787 was published Mar 26, 2025
The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-2303 was published Mar 22, 2025
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute...
High | Unreviewed | CVE-2025-29807 was published Mar 21, 2025
A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a...
High | Unreviewed | CVE-2025-0185 was published Mar 20, 2025
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update...
High | Unreviewed | CVE-2024-9439 was published Mar 20, 2025
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev...
High | Unreviewed | CVE-2024-9880 was published Mar 20, 2025
man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the...
High | Unreviewed | CVE-2024-9016 was published Mar 20, 2025
A command injection vulnerability exists in the workflow-checker.yml workflow of significant...
High | Unreviewed | CVE-2024-8156 was published Mar 20, 2025
In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code...
High | Unreviewed | CVE-2024-10950 was published Mar 20, 2025
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF...
High | Unreviewed | CVE-2024-10252 was published Mar 20, 2025
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR...
High | Unreviewed | CVE-2024-21760 was published Mar 18, 2025
The Automation Scripting functionality can be exploited by attackers to run arbitrary system...
High | Unreviewed | CVE-2024-54448 was published Mar 14, 2025
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for...
High | Unreviewed | CVE-2025-1119 was published Mar 13, 2025
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the...
High | Unreviewed | CVE-2025-25680 was published Mar 11, 2025
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-2169 was published Mar 11, 2025
ProTip! Advisories are also available from the GraphQL API.