GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,057 advisories
Apache MINA Deserialization RCE Vulnerability
Critical | CVE-2024-52046 was published for org.apache.mina:mina-core (Maven) | Dec 25, 2024

PandasAI interactive prompt function Remote Code Execution (RCE)
Critical | CVE-2024-12366 was published for pandasai (pip) | Feb 11, 2025

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not...
Critical | Unreviewed | CVE-2023-24538 was published | Apr 6, 2023

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present....
Critical | Unreviewed | CVE-2023-49070 was published | Dec 5, 2023

The CloudStack integration API service allows running its unauthenticated API server (usually on...
Critical | Unreviewed | CVE-2024-39864 was published | Jul 5, 2024

RocketMQ NameServer component Code Injection vulnerability
Critical | CVE-2023-37582 was published for org.apache.rocketmq:rocketmq-namesrv (Maven) | Jul 12, 2023

Apache InLong Manager Remote Code Execution vulnerability
Critical | CVE-2023-51784 was published for org.apache.inlong:manager-pojo (Maven) | Jan 3, 2024

Withdrawn Advisory: Command injection in Ray
Critical | CVE-2024-57000 was published for ray (pip) | Feb 12, 2025 | withdrawn

Insufficient tracking and releasing of allocated used memory in libx264 git master allows...
Critical | Unreviewed | CVE-2025-25467 was published | Feb 19, 2025

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft...
Critical | Unreviewed | CVE-2023-25261 was published | Mar 27, 2023

Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Critical | CVE-2023-39631 was published for langchain (pip) | Sep 1, 2023

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to...
Critical | Unreviewed | CVE-2024-57401 was published | Feb 20, 2025

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1...
Critical | Unreviewed | CVE-2024-54756 was published | Feb 21, 2025

Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.
Critical | Unreviewed | CVE-2023-24795 was published | Mar 16, 2023

An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to...
Critical | Unreviewed | CVE-2023-25344 was published | Mar 15, 2023

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows...
Critical | Unreviewed | CVE-2025-27554 was published | Mar 1, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme...
Critical | Unreviewed | CVE-2025-26970 was published | Mar 3, 2025

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0...
Critical | Unreviewed | CVE-2024-53944 was published | Feb 27, 2025

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows...
Critical | Unreviewed | CVE-2024-50704 was published | Mar 4, 2025

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows...
Critical | Unreviewed | CVE-2024-50707 was published | Mar 4, 2025

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index...
Critical | Unreviewed | CVE-2025-25789 was published | Mar 5, 2025

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections...
Critical | Unreviewed | CVE-2023-27986 was published | Mar 9, 2023

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation...
Critical | Unreviewed | CVE-2023-22889 was published | Mar 8, 2023

Moodle Session Fixation vulnerability
Critical | CVE-2021-36394 was published for moodle/moodle (Composer) | Mar 6, 2023

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows...
Critical | Unreviewed | CVE-2022-45553 was published | Mar 3, 2023

ProTip! Advisories are also available from the GraphQL API