Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,457 advisories

Loading
Apache Pinot has Groovy Function support enabled by default Critical
CVE-2022-26112 was published for org.apache.pinot:pinot (Maven) Sep 25, 2022
Kea configuration and API directives can be used to load a malicious hook library. Many common... High Unreviewed
CVE-2025-32801 was published May 28, 2025
A potential local adjacent arbitrary code execution vulnerability that could potentially lead to... High Unreviewed
CVE-2022-28640 was published Sep 21, 2022
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary... High Unreviewed
CVE-2025-45752 was published May 21, 2025
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential... High Unreviewed
CVE-2024-13952 was published May 22, 2025
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials... High Unreviewed
CVE-2024-9639 was published May 22, 2025
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database... High Unreviewed
CVE-2024-13928 was published May 22, 2025
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials... High Unreviewed
CVE-2025-30172 was published May 22, 2025
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator... High Unreviewed
CVE-2024-13929 was published May 22, 2025
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE)... Critical Unreviewed
CVE-2023-48085 was published Dec 14, 2023
A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges... High Unreviewed
CVE-2025-45753 was published May 21, 2025
An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate... High Unreviewed
CVE-2025-27998 was published May 21, 2025
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an... High Unreviewed
CVE-2022-40497 was published Sep 29, 2022
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to... High Unreviewed
CVE-2022-40486 was published Sep 29, 2022
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0... Critical Unreviewed
CVE-2025-44881 was published May 20, 2025
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client... High Unreviewed
CVE-2022-40274 was published Oct 1, 2022
Langroid has a Code Injection vulnerability in TableChatAgent Critical
CVE-2025-46724 was published for langroid (pip) May 20, 2025
SCH227
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store High
CVE-2025-46725 was published for langroid (pip) May 20, 2025
SCH227
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to... High Unreviewed
CVE-2024-54780 was published May 14, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP... Moderate Unreviewed
CVE-2025-48119 was published May 16, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG Lite... Moderate Unreviewed
CVE-2025-48120 was published May 16, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in RomanCode MapSVG... Moderate Unreviewed
CVE-2025-47562 was published May 16, 2025
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the... Critical Unreviewed
CVE-2025-26845 was published May 8, 2025
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code... High Unreviewed
CVE-2022-42902 was published Oct 13, 2022
Dolibarr vulnerable to Eval Injection Critical
CVE-2022-40871 was published for dolibarr/dolibarr (Composer) Oct 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database