GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,057 advisories
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF...
Critical | Unreviewed | CVE-2025-68897 was published Dec 29, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy...
Critical | Unreviewed | CVE-2025-49372 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid...
Critical | Unreviewed | CVE-2025-62959 was published Oct 27, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel...
Critical | Unreviewed | CVE-2025-66078 was published Dec 18, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic...
Critical | Unreviewed | CVE-2025-47588 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget...
Critical | Unreviewed | CVE-2025-32222 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque...
Critical | Unreviewed | CVE-2025-62023 was published Oct 22, 2025

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation
Critical | CVE-2025-68924 was published for UmbracoForms (NuGet) Jan 13, 2026

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code...
Critical | Unreviewed | CVE-2025-61937 was published Jan 16, 2026

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to...
Critical | Unreviewed | CVE-2025-64691 was published Jan 16, 2026

enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
Critical | CVE-2026-22686 was published for enclave-vm (npm) Jan 14, 2026

Spree has Remote Command Execution vulnerability in search functionality
Critical | CVE-2011-10019 was published for spree (RubyGems) Aug 13, 2025

SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a...
Critical | Unreviewed | CVE-2026-0498 was published Jan 13, 2026

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager ...
Critical | Unreviewed | CVE-2026-0500 was published Jan 13, 2026

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability...
Critical | Unreviewed | CVE-2026-0491 was published Jan 13, 2026

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python...
Critical | Unreviewed | CVE-2025-54322 was published Dec 27, 2025

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 ...
Critical | Unreviewed | CVE-2025-66848 was published Dec 30, 2025

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code...
Critical | Unreviewed | CVE-2020-36875 was published Jan 9, 2026

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user...
Critical | Unreviewed | CVE-2025-66913 was published Jan 8, 2026

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job...
Critical | Unreviewed | CVE-2025-66916 was published Jan 8, 2026

A remote code execution issue exists in HPE OneView.
Critical | Unreviewed | CVE-2025-37164 was published Dec 16, 2025

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89...
Critical | Unreviewed | CVE-2025-66438 was published Dec 15, 2025

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote...
Critical | Unreviewed | CVE-2025-13773 was published Dec 24, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text...
Critical | Unreviewed | CVE-2025-66434 was published Dec 15, 2025