Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,571 advisories

Loading
Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because... High Unreviewed
CVE-2023-22514 was published Jan 16, 2024
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to... High Unreviewed
CVE-2024-13793 was published May 8, 2025
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux)... High Unreviewed
CVE-2024-13861 was published Apr 11, 2025
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography... High Unreviewed
CVE-2024-0220 was published Feb 22, 2024
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all... High Unreviewed
CVE-2025-2802 was published May 6, 2025
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS... High Unreviewed
CVE-2022-32924 was published Nov 2, 2022
OPA server Data API HTTP path injection of Rego High
CVE-2025-46569 was published for github.com/open-policy-agent/opa (Go) May 1, 2025
GamrayW HyouKash
AdrienIT
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable... High Unreviewed
CVE-2024-13738 was published May 3, 2025
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to... High Unreviewed
CVE-2022-37904 was published Dec 12, 2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to... High Unreviewed
CVE-2022-37905 was published Dec 12, 2022
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics... High Unreviewed
CVE-2025-2421 was published May 2, 2025
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user... High Unreviewed
CVE-2025-1976 was published Apr 24, 2025
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI... High Unreviewed
CVE-2021-3661 was published Dec 12, 2022
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE... High Unreviewed
CVE-2025-46579 was published Apr 27, 2025
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin... High Unreviewed
CVE-2025-2801 was published Apr 26, 2025
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to... High Unreviewed
CVE-2025-3491 was published Apr 26, 2025
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in... High Unreviewed
CVE-2024-13808 was published Apr 26, 2025
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized... High Unreviewed
CVE-2022-39833 was published Nov 23, 2022
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository High
CVE-2025-3642 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository High
CVE-2025-3641 was published for moodle/moodle (Composer) Apr 25, 2025
snyk Code Injection vulnerability High
CVE-2022-24441 was published for snyk (npm) Jul 6, 2023
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote... High Unreviewed
CVE-2022-43542 was published Dec 12, 2022
A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote... High Unreviewed
CVE-2022-44533 was published Dec 12, 2022
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote... High Unreviewed
CVE-2022-43541 was published Dec 12, 2022
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code... High Unreviewed
CVE-2025-3776 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database