Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,634 advisories

Loading
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
remsio-syn worty-syn
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. Critical Unreviewed
CVE-2025-53867 was published Jul 17, 2025
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up... Critical Unreviewed
CVE-2025-5396 was published Jul 17, 2025
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a... Critical Unreviewed
CVE-2025-34127 was published Jul 17, 2025
A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx)... High Unreviewed
CVE-2025-34128 was published Jul 17, 2025
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS... High Unreviewed
CVE-2025-37105 was published Jul 16, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS... High Unreviewed
CVE-2024-51768 was published Jul 14, 2025
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited... High Unreviewed
CVE-2024-58258 was published Jul 14, 2025
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could... High Unreviewed
CVE-2025-50123 was published Jul 11, 2025
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to... Critical Unreviewed
CVE-2025-5392 was published Jul 11, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory... Moderate Unreviewed
CVE-2024-7650 was published Jul 10, 2025
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that... Critical Unreviewed
CVE-2025-34077 was published Jul 9, 2025
Helm vulnerable to Code Injection through malicious chart.yaml content High
CVE-2025-53547 was published for helm.sh/helm/v3 (Go) Jul 8, 2025
jake-ciolek
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows... High Unreviewed
CVE-2025-49704 was published Jul 8, 2025
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an... High Unreviewed
CVE-2025-47988 was published Jul 8, 2025
The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-6744 was published Jul 8, 2025
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This... Critical Unreviewed
CVE-2025-42967 was published Jul 8, 2025
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a... High Unreviewed
CVE-2025-36014 was published Jul 7, 2025
Insufficient security mechanisms for created containers in educoder challenges v1.0 allow... Critical Unreviewed
CVE-2025-45479 was published Jul 7, 2025
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This... Moderate Unreviewed
CVE-2025-7101 was published Jul 7, 2025
Remote attackers can execute arbitrary code in the context of the vulnerable service process. Critical Unreviewed
CVE-2025-5333 was published Jul 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-52718 was published Jul 4, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy... Critical Unreviewed
CVE-2025-49302 was published Jul 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database