GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,822
Erlang: 36
GitHub Actions: 32
Go: 2,413
Maven: 5,000+
npm: 4,052
NuGet: 723
pip: 3,844
Pub: 12
RubyGems: 933
Rust: 1,005
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
944 advisories
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface...
Critical • Unreviewed • CVE-2025-34074 was published Jul 2, 2025

Apache IoTDB Vulnerable to Remote Code Execution
Critical • CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025

A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0...
Critical • Unreviewed • CVE-2025-37099 was published Jul 1, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom...
Critical • Unreviewed • CVE-2025-49029 was published Jul 1, 2025

An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management...
Critical • Unreviewed • CVE-2025-34046 was published Jun 26, 2025

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via...
Critical • Unreviewed • CVE-2024-37743 was published Jun 24, 2025

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection')...
Critical • Unreviewed • CVE-2024-47208 was published Nov 18, 2024

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated...
Critical • Unreviewed • CVE-2025-23121 was published Jun 19, 2025

On a client with a non-admin user, a script can be integrated into a report. The reports could...
Critical • Unreviewed • CVE-2025-6512 was published Jun 23, 2025

Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
Critical • CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings...
Critical • Unreviewed • CVE-2025-47916 was published May 16, 2025

xunruicms <=4.5.1 is vulnerable to Remote Code Execution.
Critical • Unreviewed • CVE-2021-38243 was published Sep 27, 2023

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result...
Critical • Unreviewed • CVE-2025-32106 was published Jun 3, 2025

A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS...
Critical • Unreviewed • CVE-2025-28386 was published Jun 13, 2025

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection...
Critical • Unreviewed • CVE-2024-23692 was published May 31, 2024

Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
Critical • GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 • withdrawn

An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute...
Critical • Unreviewed • CVE-2023-50488 was published Feb 2, 2024

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote...
Critical • Unreviewed • CVE-2022-45699 was published Feb 10, 2023

Remote code execution that allows unauthorized users to execute arbitrary code on the server...
Critical • Unreviewed • CVE-2025-29902 was published Jun 13, 2025

Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical • Unreviewed • CVE-2024-48359 was published Oct 31, 2024

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code...
Critical • Unreviewed • CVE-2022-31860 was published Sep 7, 2022

Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was...
Critical • Unreviewed • CVE-2025-30085 was published Jun 11, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering...
Critical • Unreviewed • CVE-2025-48123 was published Jun 9, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi...
Critical • Unreviewed • CVE-2025-48140 was published Jun 9, 2025
ProTip! Advisories are also available from the GraphQL API.