Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

973 advisories

Loading
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all... Critical Unreviewed
CVE-2024-13645 was published Apr 4, 2025
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-29064 was published Apr 3, 2025
Netwrix Password Secure through 9.2 allows command injection. Critical Unreviewed
CVE-2025-26818 was published Apr 3, 2025
pgAdmin 4 Vulnerable to Remote Code Execution Critical
CVE-2025-2945 was published for pgadmin4 (pip) Apr 3, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets... Critical Unreviewed
CVE-2025-30580 was published Apr 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit... Critical Unreviewed
CVE-2025-30911 was published Apr 1, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54805 was published Mar 31, 2025
In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in... Critical Unreviewed
CVE-2024-54807 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54804 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi... Critical Unreviewed
CVE-2024-54806 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54803 was published Mar 31, 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case... Critical Unreviewed
CVE-2025-29306 was published Mar 27, 2025
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when... Critical Unreviewed
CVE-2025-26003 was published Mar 26, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text... Critical Unreviewed
CVE-2025-28893 was published Mar 26, 2025
An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to... Critical Unreviewed
CVE-2024-48818 was published Mar 25, 2025
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to... Critical Unreviewed
CVE-2024-55028 was published Mar 25, 2025
An improper control of generation of code ('Code Injection') vulnerability in the... Critical Unreviewed
CVE-2024-45480 was published Mar 25, 2025
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an... Critical Unreviewed
CVE-2024-8581 was published Mar 20, 2025
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to... Critical Unreviewed
CVE-2024-57061 was published Mar 19, 2025
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7... Critical Unreviewed
CVE-2025-29401 was published Mar 19, 2025
An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters... Critical Unreviewed
CVE-2024-55551 was published Mar 19, 2025
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh... Critical Unreviewed
CVE-2025-26936 was published Mar 10, 2025
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-42733 was published Mar 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database