Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

902 advisories

Loading
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to... Critical Unreviewed
CVE-2024-55028 was published Mar 25, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text... Critical Unreviewed
CVE-2025-28893 was published Mar 26, 2025
An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to... Critical Unreviewed
CVE-2024-48818 was published Mar 25, 2025
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to... Critical Unreviewed
CVE-2024-57061 was published Mar 19, 2025
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7... Critical Unreviewed
CVE-2025-29401 was published Mar 19, 2025
An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters... Critical Unreviewed
CVE-2024-55551 was published Mar 19, 2025
An improper control of generation of code ('Code Injection') vulnerability in the... Critical Unreviewed
CVE-2024-45480 was published Mar 25, 2025
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v... Critical Unreviewed
CVE-2024-40530 was published Aug 5, 2024
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote... Critical Unreviewed
CVE-2022-45699 was published Feb 10, 2023
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove... Critical Unreviewed
CVE-2024-52393 was published Nov 14, 2024
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit... Critical Unreviewed
CVE-2024-24421 was published Jan 22, 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform... Critical Unreviewed
CVE-2025-22912 was published Jan 16, 2025
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an... Critical Unreviewed
CVE-2024-8581 was published Mar 20, 2025
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and... Critical Unreviewed
CVE-2024-51298 was published Oct 30, 2024
Apache Dolphinscheduler Code Injection vulnerability Critical
CVE-2024-43202 was published for org.apache.dolphinscheduler:dolphinscheduler-task-api (Maven) Aug 20, 2024
Remote Code Execution (RCE) vulnerability in geoserver Critical
CVE-2024-36401 was published for org.geoserver.web:gs-web-app (Maven) Jul 1, 2024
sikeoka jodygarnett
aaime
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename... Critical Unreviewed
CVE-2021-33949 was published Feb 17, 2023
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a... Critical Unreviewed
CVE-2024-49747 was published Jan 22, 2025
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed
CVE-2023-24114 was published Feb 22, 2023
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand... Critical Unreviewed
CVE-2025-25675 was published Feb 21, 2025
A mismatch between allocator and deallocator could have lead to memory corruption. This... Critical Unreviewed
CVE-2024-6602 was published Jul 9, 2024
Grafana Command Injection And Local File Inclusion Via Sql Expressions Critical
CVE-2024-9264 was published for github.com/grafana/grafana (Go) Oct 18, 2024
Malayke
Flowise allows arbitrary file write to RCE Critical
GHSA-8vvx-qvq9-5948 was published for flowise (npm) Mar 14, 2025
pyozzi-toss
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database