GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,571 advisories
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso...
High, Unreviewed. CVE-2025-6204 was published Aug 4, 2025

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control ...
High, Unreviewed. CVE-2013-10057 was published Aug 1, 2025

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the...
High, Unreviewed. CVE-2013-10035 was published Jul 31, 2025

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that...
High, Unreviewed. CVE-2025-7361 was published Jul 30, 2025

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
High. CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025

An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute...
High, Unreviewed. CVE-2025-29629 was published Jul 25, 2025

A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform...
High, Unreviewed. CVE-2025-34114 was published Jul 25, 2025

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user...
High, Unreviewed. CVE-2025-8030 was published Jul 22, 2025

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a...
High, Unreviewed. CVE-2024-32925 was published Jun 13, 2024

Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai...
High, Unreviewed. CVE-2025-51482 was published Jul 22, 2025

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows...
High, Unreviewed. CVE-2025-49704 was published Jul 8, 2025

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all...
High, Unreviewed. CVE-2025-6213 was published Jul 22, 2025

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS...
High, Unreviewed. CVE-2025-37105 was published Jul 16, 2025

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag'...
High, Unreviewed. CVE-2025-3753 was published Jul 17, 2025

A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch...
High, Unreviewed. CVE-2024-39835 was published Jul 17, 2025

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic'...
High, Unreviewed. CVE-2024-41921 was published Jul 17, 2025

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic'...
High, Unreviewed. CVE-2024-41148 was published Jul 17, 2025

A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam'...
High, Unreviewed. CVE-2024-39289 was published Jul 17, 2025

A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx)...
High, Unreviewed. CVE-2025-34128 was published Jul 17, 2025

Helm vulnerable to Code Injection through malicious chart.yaml content
High. CVE-2025-53547 was published for helm.sh/helm/v3 (Go) Jul 8, 2025

Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High. CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS...
High, Unreviewed. CVE-2024-51768 was published Jul 14, 2025

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited...
High, Unreviewed. CVE-2024-58258 was published Jul 14, 2025

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could...
High, Unreviewed. CVE-2025-50123 was published Jul 11, 2025

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an...
High, Unreviewed. CVE-2025-47988 was published Jul 8, 2025

ProTip! Advisories are also available from the GraphQL API.