Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

902 advisories

Loading
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-27429 was published Apr 8, 2025
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-31330 was published Apr 8, 2025
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-29064 was published Apr 3, 2025
Netwrix Password Secure through 9.2 allows command injection. Critical Unreviewed
CVE-2025-26818 was published Apr 3, 2025
pgAdmin 4 Vulnerable to Remote Code Execution Critical
CVE-2025-2945 was published for pgadmin4 (pip) Apr 3, 2025
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all... Critical Unreviewed
CVE-2024-13645 was published Apr 4, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54804 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi... Critical Unreviewed
CVE-2024-54806 was published Mar 31, 2025
In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in... Critical Unreviewed
CVE-2024-54807 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54803 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54805 was published Mar 31, 2025
Remote code execution in simple-git Critical
CVE-2022-25860 was published for simple-git (npm) Jan 26, 2023
Remote Code Execution in com.bstek.uflo:uflo-core Critical
CVE-2022-25894 was published for com.bstek.uflo:uflo-core (Maven) Jan 26, 2023
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets... Critical Unreviewed
CVE-2025-30580 was published Apr 1, 2025
Deserialization of Untrusted Data and Code Injection in xstream Critical
CVE-2019-10173 was published for com.thoughtworks.xstream:xstream (Maven) Jul 26, 2019
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit... Critical Unreviewed
CVE-2025-30911 was published Apr 1, 2025
Zenario uses Twig filters insecurely in the Twig Snippet plugin Critical
CVE-2024-34461 was published for tribalsystems/zenario (Composer) May 4, 2024
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case... Critical Unreviewed
CVE-2025-29306 was published Mar 27, 2025
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the... Critical Unreviewed
CVE-2022-48175 was published Jan 31, 2023
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-25249 was published Feb 21, 2024
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2024-31004 was published Apr 2, 2024
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to... Critical Unreviewed
CVE-2024-24525 was published Feb 29, 2024
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when... Critical Unreviewed
CVE-2025-26003 was published Mar 26, 2025
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a... Critical Unreviewed
CVE-2024-22632 was published Apr 26, 2024
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted... Critical Unreviewed
CVE-2024-31666 was published Apr 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database