GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
944 advisories
An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior...
Critical | Unreviewed | CVE-2024-41339 was published Feb 27, 2025
Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860...
Critical | Unreviewed | CVE-2024-41334 was published Feb 27, 2025
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the...
Critical | Unreviewed | CVE-2025-44071 was published May 6, 2025
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the...
Critical | Unreviewed | CVE-2022-44089 was published Nov 10, 2022
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the...
Critical | Unreviewed | CVE-2022-44087 was published Nov 10, 2022
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the...
Critical | Unreviewed | CVE-2022-44088 was published Nov 10, 2022
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
Critical | CVE-2024-55877 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Dec 12, 2024
XWiki allows remote code execution through the extension sheet
Critical | CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be...
Critical | Unreviewed | CVE-2022-45132 was published Nov 19, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical | CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary...
Critical | Unreviewed | CVE-2025-45947 was published Apr 28, 2025
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution...
Critical | Unreviewed | CVE-2022-44038 was published Nov 29, 2022
Craft CMS Allows Remote Code Execution
Critical | CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with...
Critical | Unreviewed | CVE-2025-43946 was published Apr 22, 2025
Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution...
Critical | Unreviewed | CVE-2022-43333 was published Dec 2, 2022
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute...
Critical | Unreviewed | CVE-2023-49032 was published Dec 21, 2023
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
Critical | Unreviewed | CVE-2022-45550 was published Dec 7, 2022
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a...
Critical | Unreviewed | CVE-2024-40446 was published Apr 22, 2025
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php...
Critical | Unreviewed | CVE-2023-43958 was published Apr 22, 2025
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over...
Critical | Unreviewed | CVE-2025-3115 was published Apr 9, 2025
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user...
Critical | Unreviewed | CVE-2024-56518 was published Apr 17, 2025
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade...
Critical | Unreviewed | CVE-2025-29058 was published Apr 18, 2025
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate...
Critical | Unreviewed | CVE-2017-16783 was published May 13, 2022
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress...
Critical | Unreviewed | CVE-2015-8351 was published May 14, 2022
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2)...
Critical | Unreviewed | CVE-2017-11459 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.