Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

973 advisories

Loading
Flowise has Remote Code Execution vulnerability Critical
GHSA-3gcm-f6qx-ff7p was published for flowise (npm) Sep 15, 2025
im-soohyun
FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-7944-7c6r-55vv was published for flowise (npm) Sep 15, 2025
Dipper37701
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw... Critical Unreviewed
CVE-2025-42922 was published Sep 9, 2025
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. Critical Unreviewed
CVE-2025-57141 was published Sep 8, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy... Critical Unreviewed
CVE-2025-48100 was published Aug 28, 2025
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command... Critical Unreviewed
CVE-2025-30057 was published Aug 27, 2025
The RunCommand function accepts any parameter, which is then passed for execution in the shell.... Critical Unreviewed
CVE-2025-30056 was published Aug 27, 2025
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is... Critical Unreviewed
CVE-2025-30055 was published Aug 27, 2025
In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code... Critical Unreviewed
CVE-2025-2313 was published Aug 27, 2025
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield... Critical Unreviewed
CVE-2022-31491 was published Aug 22, 2025
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated... Critical Unreviewed
CVE-2024-52786 was published Aug 22, 2025
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the... Critical Unreviewed
CVE-2011-10026 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS... Critical Unreviewed
CVE-2025-53577 was published Aug 20, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine... Critical Unreviewed
CVE-2025-48169 was published Aug 20, 2025
The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to... Critical Unreviewed
CVE-2025-8723 was published Aug 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML... Critical Unreviewed
CVE-2025-49887 was published Aug 14, 2025
Flowise JS injection remote code execution Critical
CVE-2025-55346 was published for flowise (npm) Aug 14, 2025
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The... Critical Unreviewed
CVE-2011-10018 was published Aug 13, 2025
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its... Critical Unreviewed
CVE-2011-10019 was published Aug 13, 2025
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where... Critical Unreviewed
CVE-2011-10011 was published Aug 13, 2025
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common... Critical Unreviewed
CVE-2011-10013 was published Aug 13, 2025
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2025-52385 was published Aug 13, 2025
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-42957 was published Aug 12, 2025
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-42950 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database