GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

293 advisories

Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
Credited to JLLeitschuh and avilum
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter Critical
CVE-2025-65108 was published for md-to-pdf (npm) Nov 20, 2025
Credited to Prodigysec
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode Critical
CVE-2025-12762 was published for pgadmin4 (pip) Nov 13, 2025
Credited to jonbally
Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-3g4j-r53p-22wx was published for flowise (npm) Oct 17, 2025 withdrawn
Happy DOM: VM Context Escape can lead to Remote Code Execution Critical
CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025
Credited to Mas0nShi
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` Critical
CVE-2025-61588 was published for risc0-aggregation (Rust) Oct 1, 2025
j178/prek-action vulnerable to arbitrary code injection in composite action Critical
GHSA-pwf7-47c3-mfhx was published for j178/prek-action (GitHub Actions) Sep 29, 2025
Credited to mondeja
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
Credited to petersutter, kon-angelo, hebelsan, JordanJordanov, and donistz
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux Critical
CVE-2025-41243 was published for org.springframework.cloud:spring-cloud-gateway-server-webflux (Maven) Sep 16, 2025
Flowise has Remote Code Execution vulnerability Critical
CVE-2025-59528 was published for flowise (npm) Sep 15, 2025
Credited to im-soohyun
FlowiseAI Pre-Auth Arbitrary Code Execution Critical
CVE-2025-57164 was published for flowise (npm) Sep 15, 2025
Credited to Dipper37701
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
Spree Commerce is vulnerable to RCE through Search API Critical
CVE-2011-10026 was published for rd_searchlogic (RubyGems) Aug 20, 2025
Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection Critical
GHSA-q4xx-mc3q-23x8 was published for flowise (npm) Aug 14, 2025 withdrawn
Privileged OpenBao Operator May Execute Code on the Underlying Host Critical
CVE-2025-54997 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
Credited to remsio-syn and worty-syn
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
Credited to odaysec
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
Credited to renniepak
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
Credited to azimoff337
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
Credited to chximn-dt
Langroid has a Code Injection vulnerability in TableChatAgent Critical
CVE-2025-46724 was published for langroid (pip) May 20, 2025
Credited to SCH227
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025