Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,483
Maven
5,000+
npm
4,104
NuGet
734
pip
3,917
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,618 advisories

Loading
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows... High Unreviewed
CVE-2025-49704 was published Jul 8, 2025
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an... High Unreviewed
CVE-2025-47988 was published Jul 8, 2025
The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-6744 was published Jul 8, 2025
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This... Critical Unreviewed
CVE-2025-42967 was published Jul 8, 2025
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a... High Unreviewed
CVE-2025-36014 was published Jul 7, 2025
Insufficient security mechanisms for created containers in educoder challenges v1.0 allow... Critical Unreviewed
CVE-2025-45479 was published Jul 7, 2025
Remote attackers can execute arbitrary code in the context of the vulnerable service process. Critical Unreviewed
CVE-2025-5333 was published Jul 6, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-52718 was published Jul 4, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy... Critical Unreviewed
CVE-2025-49302 was published Jul 4, 2025
Bolt CMS vulnerable to authenticated remote code execution High
CVE-2025-34086 was published for bolt/bolt (Composer) Jul 3, 2025
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote... Critical Unreviewed
CVE-2025-34089 was published Jul 3, 2025
A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to... Critical Unreviewed
CVE-2025-34061 was published Jul 3, 2025
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when... High Unreviewed
CVE-2025-34079 was published Jul 2, 2025
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface... Critical Unreviewed
CVE-2025-34074 was published Jul 2, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0... Critical Unreviewed
CVE-2025-37099 was published Jul 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom... Critical Unreviewed
CVE-2025-49029 was published Jul 1, 2025
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git... High Unreviewed
CVE-2025-49521 was published Jun 30, 2025
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache... High Unreviewed
CVE-2025-28993 was published Jun 27, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23265 was published Jun 26, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an... High Unreviewed
CVE-2025-23264 was published Jun 26, 2025
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed
CVE-2025-34046 was published Jun 26, 2025
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-37743 was published Jun 24, 2025
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-48978 was published Jun 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database