Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

973 advisories

Loading
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to... Critical Unreviewed
CVE-2025-5392 was published Jul 11, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a... Critical Unreviewed
CVE-2025-34127 was published Jul 17, 2025
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up... Critical Unreviewed
CVE-2025-5396 was published Jul 17, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics... Critical Unreviewed
CVE-2025-54451 was published Jul 23, 2025
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1... Critical Unreviewed
CVE-2018-25114 was published Jul 23, 2025
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe... Critical Unreviewed
CVE-2016-15044 was published Jul 24, 2025
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. Critical Unreviewed
CVE-2025-53867 was published Jul 17, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... Critical Unreviewed
CVE-2025-34138 was published Jul 25, 2025
An issue in Gardyn 4 allows a remote attacker execute arbitrary code Critical Unreviewed
CVE-2025-29631 was published Jul 25, 2025
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the... Critical Unreviewed
CVE-2025-46059 was published Jul 29, 2025
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured... Critical Unreviewed
CVE-2025-51387 was published Aug 4, 2025
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index... Critical Unreviewed
CVE-2025-50707 was published Aug 5, 2025
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. Critical Unreviewed
CVE-2025-50692 was published Aug 7, 2025
Privileged OpenBao Operator May Execute Code on the Underlying Host Critical
CVE-2025-54997 was published for github.com/openbao/openbao (Go) Aug 8, 2025
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-42957 was published Aug 12, 2025
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-42950 was published Aug 12, 2025
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where... Critical Unreviewed
CVE-2011-10011 was published Aug 13, 2025
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common... Critical Unreviewed
CVE-2011-10013 was published Aug 13, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML... Critical Unreviewed
CVE-2025-49887 was published Aug 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database