Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,648 advisories

Loading
Claude Code vulnerable to command execution prior to startup trust dialog High
CVE-2025-65099 was published for @anthropic-ai/claude-code (npm) Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10703 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10702 was published Nov 19, 2025
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,... High Unreviewed
CVE-2025-13035 was published Nov 19, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33184 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33183 was published Nov 18, 2025
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is... High Unreviewed
CVE-2025-12733 was published Nov 13, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component... High Unreviewed
CVE-2025-33178 was published Nov 11, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data... High Unreviewed
CVE-2025-23357 was published Nov 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious... High Unreviewed
CVE-2025-23361 was published Nov 11, 2025
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a... High Unreviewed
CVE-2025-12637 was published Nov 11, 2025
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-9334 was published Nov 8, 2025
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient... High Unreviewed
CVE-2025-11093 was published Nov 5, 2025
expr-eval does not restrict functions passed to the evaluate function High
CVE-2025-12735 was published for expr-eval (npm) Nov 5, 2025
sei-vsarvepalli
Credited to sei-vsarvepalli
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54... High Unreviewed
CVE-2025-60785 was published Nov 3, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... High Unreviewed
CVE-2025-48984 was published Oct 31, 2025
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code... High Unreviewed
CVE-2025-61196 was published Oct 30, 2025
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve... High Unreviewed
CVE-2025-56399 was published Oct 28, 2025
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4... High Unreviewed
CVE-2025-61136 was published Oct 23, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone... High Unreviewed
CVE-2025-60206 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last... High Unreviewed
CVE-2025-52756 was published Oct 22, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium... High Unreviewed
CVE-2025-49926 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database