Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,558 advisories

Loading
Craft CMS has a theoretical bypass for CVE-2025-23209 Moderate
CVE-2025-54417 was published for craftcms/cms (Composer) Aug 8, 2025
angrybrad timkelty
segfault-it
Privileged OpenBao Operator May Execute Code on the Underlying Host Critical
CVE-2025-54997 was published for github.com/openbao/openbao (Go) Aug 8, 2025
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4... Moderate Unreviewed
CVE-2025-54940 was published Aug 8, 2025
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. Critical Unreviewed
CVE-2025-50692 was published Aug 7, 2025
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index... Critical Unreviewed
CVE-2025-50707 was published Aug 5, 2025
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured... Critical Unreviewed
CVE-2025-51387 was published Aug 4, 2025
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso... High Unreviewed
CVE-2025-6204 was published Aug 4, 2025
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control ... High Unreviewed
CVE-2013-10057 was published Aug 1, 2025
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the... High Unreviewed
CVE-2013-10035 was published Jul 31, 2025
Pyload log Injection via API /json/add_package in add_name parameter Moderate
GHSA-3wwm-hjv7-23r3 was published for pyload-ng (pip) Jul 30, 2025
SeaW1nd
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that... High Unreviewed
CVE-2025-7361 was published Jul 30, 2025
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the... Critical Unreviewed
CVE-2025-46059 was published Jul 29, 2025
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application... Low Unreviewed
CVE-2025-4056 was published Jul 28, 2025
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
An issue in Gardyn 4 allows a remote attacker execute arbitrary code Critical Unreviewed
CVE-2025-29631 was published Jul 25, 2025
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute... High Unreviewed
CVE-2025-29629 was published Jul 25, 2025
A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform... High Unreviewed
CVE-2025-34114 was published Jul 25, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... Critical Unreviewed
CVE-2025-34138 was published Jul 25, 2025
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe... Critical Unreviewed
CVE-2016-15044 was published Jul 24, 2025
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1... Critical Unreviewed
CVE-2018-25114 was published Jul 23, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics... Critical Unreviewed
CVE-2025-54451 was published Jul 23, 2025
SAP FICA ODN framework allows a high privileged user to inject value inside the local variable... Moderate Unreviewed
CVE-2025-42947 was published Jul 23, 2025
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user... High Unreviewed
CVE-2025-8030 was published Jul 22, 2025
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai... High Unreviewed
CVE-2025-51482 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database