Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

2,722 advisories

Loading
The Automation Scripting functionality can be exploited by attackers to run arbitrary system... High Unreviewed
CVE-2024-54448 was published Mar 14, 2025
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient... High Unreviewed
CVE-2025-11093 was published Nov 5, 2025
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote... High Unreviewed
CVE-2022-47879 was published May 12, 2023
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could... High Unreviewed
CVE-2025-50123 was published Jul 11, 2025
yyjson has a Double Free vulnerability High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS... High Unreviewed
CVE-2024-23278 was published Mar 8, 2024
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution ... High Unreviewed
CVE-2024-22899 was published Feb 2, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3,... High Unreviewed
CVE-2024-23208 was published Jan 23, 2024
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6,... High Unreviewed
CVE-2023-41984 was published Sep 27, 2023
setuptools vulnerable to Command Injection via package URL High
CVE-2024-6345 was published for setuptools (pip) Jul 15, 2024
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54... High Unreviewed
CVE-2025-60785 was published Nov 3, 2025
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
Credited to TrixterTheTux
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS... High Unreviewed
CVE-2025-24243 was published Apr 1, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2,... High Unreviewed
CVE-2024-54529 was published Dec 12, 2024
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of... High Unreviewed
CVE-2024-11699 was published Nov 26, 2024
When handling keypress events, an attacker may have been able to trick a user into bypassing the ... High Unreviewed
CVE-2024-11697 was published Nov 26, 2024
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user... High Unreviewed
CVE-2025-8030 was published Jul 22, 2025
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited... High Unreviewed
CVE-2024-58258 was published Jul 14, 2025
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS... High Unreviewed
CVE-2025-24159 was published Jan 28, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... High Unreviewed
CVE-2025-48984 was published Oct 31, 2025
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2025-61196 was published Oct 30, 2025
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve... High Unreviewed
CVE-2025-56399 was published Oct 28, 2025
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso... High Unreviewed
CVE-2025-6204 was published Aug 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database