GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,733
Composer 5,030
Erlang 39
GitHub Actions 38
Go 2,672
Maven 6,116
npm 4,297
NuGet 760
pip 4,075
Pub 12
RubyGems 957
Rust 1,058
Swift 45

Unreviewed advisories

All unreviewed 278,021

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

710 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in... Critical Unreviewed

CVE-2025-12813 was published Nov 11, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed

CVE-2025-42887 was published Nov 11, 2025

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a... Critical Unreviewed

CVE-2020-36870 was published Nov 8, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy... Critical Unreviewed

CVE-2025-49372 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic... Critical Unreviewed

CVE-2025-47588 was published Nov 6, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget... Critical Unreviewed

CVE-2025-32222 was published Nov 6, 2025

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where... Critical Unreviewed

CVE-2025-34277 was published Oct 31, 2025

iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. Critical Unreviewed

CVE-2025-50739 was published Oct 30, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid... Critical Unreviewed

CVE-2025-62959 was published Oct 27, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque... Critical Unreviewed

CVE-2025-62023 was published Oct 22, 2025

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically... Critical Unreviewed

CVE-2025-57567 was published Oct 17, 2025

A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain... Critical Unreviewed

CVE-2025-11548 was published Oct 14, 2025

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An... Critical Unreviewed

CVE-2025-46581 was published Oct 14, 2025

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and... Critical Unreviewed

CVE-2025-9321 was published Sep 23, 2025

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw... Critical Unreviewed

CVE-2025-42922 was published Sep 9, 2025

rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. Critical Unreviewed

CVE-2025-57141 was published Sep 8, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy... Critical Unreviewed

CVE-2025-48100 was published Aug 28, 2025

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed

CVE-2025-34159 was published Aug 27, 2025

The RunCommand function accepts any parameter, which is then passed for execution in the shell.... Critical Unreviewed

CVE-2025-30056 was published Aug 27, 2025

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command... Critical Unreviewed

CVE-2025-30057 was published Aug 27, 2025

In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code... Critical Unreviewed

CVE-2025-2313 was published Aug 27, 2025

The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is... Critical Unreviewed

CVE-2025-30055 was published Aug 27, 2025

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield... Critical Unreviewed

CVE-2022-31491 was published Aug 22, 2025

An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated... Critical Unreviewed

CVE-2024-52786 was published Aug 22, 2025

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the... Critical Unreviewed

CVE-2011-10026 was published Aug 20, 2025

Previous1…29 Next

Previous 1 2 3 4 5 … 28 29 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

710 advisories