Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

948 advisories

Loading
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php... Critical Unreviewed
CVE-2023-43958 was published Apr 22, 2025
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-40446 was published Apr 22, 2025
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Critical Unreviewed
CVE-2022-45550 was published Dec 7, 2022
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-49032 was published Dec 21, 2023
Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution ... Critical Unreviewed
CVE-2022-43333 was published Dec 2, 2022
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with... Critical Unreviewed
CVE-2025-43946 was published Apr 22, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution... Critical Unreviewed
CVE-2022-44038 was published Nov 29, 2022
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2025-45947 was published Apr 28, 2025
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be... Critical Unreviewed
CVE-2022-45132 was published Nov 19, 2022
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList Critical
CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2022-44087 was published Nov 10, 2022
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2022-44088 was published Nov 10, 2022
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2022-44089 was published Nov 10, 2022
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the... Critical Unreviewed
CVE-2025-44071 was published May 6, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... Critical Unreviewed
CVE-2024-41334 was published Feb 27, 2025
An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior... Critical Unreviewed
CVE-2024-41339 was published Feb 27, 2025
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as... Critical Unreviewed
CVE-2020-21016 was published Oct 31, 2022
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. Critical Unreviewed
CVE-2025-28203 was published May 9, 2025
Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management... Critical Unreviewed
CVE-2025-46191 was published May 9, 2025
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a... Critical Unreviewed
CVE-2025-29509 was published May 9, 2025
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because... Critical Unreviewed
CVE-2025-46661 was published Apr 28, 2025
An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin... Critical Unreviewed
CVE-2025-44022 was published May 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database