GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
974 advisories
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical, CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open...
Critical, Unreviewed, CVE-2025-3579 was published Apr 15, 2025

Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a...
Critical, Unreviewed, CVE-2025-28146 was published Apr 4, 2025

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded...
Critical, Unreviewed, CVE-2025-3114 was published Apr 9, 2025

An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows...
Critical, Unreviewed, CVE-2024-29500 was published Apr 10, 2024

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical, Unreviewed, CVE-2025-27678 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical, Unreviewed, CVE-2025-27657 was published Mar 5, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post...
Critical, Unreviewed, CVE-2025-32583 was published Apr 17, 2025

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted,...
Critical, Unreviewed, CVE-2021-22646 was published Jul 29, 2022

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0...
Critical, Unreviewed, CVE-2025-1568 was published Apr 17, 2025

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute...
Critical, Unreviewed, CVE-2025-26014 was published Feb 21, 2025

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command...
Critical, Unreviewed, CVE-2023-51018 was published Dec 22, 2023

A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated...
Critical, Unreviewed, CVE-2025-29662 was published Apr 17, 2025

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute...
Critical, Unreviewed, CVE-2016-6175 was published May 17, 2022

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the...
Critical, Unreviewed, CVE-2017-7402 was published May 13, 2022

A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The...
Critical, Unreviewed, CVE-2017-7691 was published May 17, 2022

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig...
Critical, Unreviewed, CVE-2017-9807 was published May 17, 2022

SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2)...
Critical, Unreviewed, CVE-2017-11459 was published May 14, 2022

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress...
Critical, Unreviewed, CVE-2015-8351 was published May 14, 2022

In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate...
Critical, Unreviewed, CVE-2017-16783 was published May 13, 2022

An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade...
Critical, Unreviewed, CVE-2025-29058 was published Apr 18, 2025

Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user...
Critical, Unreviewed, CVE-2024-56518 was published Apr 17, 2025

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over...
Critical, Unreviewed, CVE-2025-3115 was published Apr 9, 2025

An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php...
Critical, Unreviewed, CVE-2023-43958 was published Apr 22, 2025

An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a...
Critical, Unreviewed, CVE-2024-40446 was published Apr 22, 2025
ProTip! Advisories are also available from the GraphQL API.