Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

677 advisories

Loading
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Pyload log Injection via API /json/add_package in add_name parameter Moderate
GHSA-3wwm-hjv7-23r3 was published for pyload-ng (pip) Jul 30, 2025
SeaW1nd
Remote Code Execution Vulnerability in NPM mongo-express Critical
CVE-2019-10758 was published for mongo-express (npm) Dec 30, 2019
JLLeitschuh
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module High
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
Helm vulnerable to Code Injection through malicious chart.yaml content High
CVE-2025-53547 was published for helm.sh/helm/v3 (Go) Jul 8, 2025
jake-ciolek
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
rewhile
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
odaysec
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
Bolt CMS vulnerable to authenticated remote code execution High
CVE-2025-34086 was published for bolt/bolt (Composer) Jul 3, 2025
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Apache IoTDB Vulnerable to Remote Code Execution Critical
CVE-2024-24780 was published for apache-iotdb (Maven) May 14, 2025
Eval Injection in fastbots High
CVE-2023-48699 was published for fastbots (pip) Nov 21, 2023
ubertidavide
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
Stage.js DOM Clobbering vulnerabilty Moderate
CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025
PrismJS DOM Clobbering vulnerability Moderate
CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025
lkuechler
LLaMA-Factory allows Code Injection through improper vhead_file safeguards High
CVE-2025-53002 was published for llamafactory (pip) Jun 27, 2025
LianKee
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
XWiki allows remote code execution through default value of wiki macro wiki-type parameters High
CVE-2025-49581 was published for org.xwiki.platform:xwiki-platform-rendering-wikimacro-store (Maven) Jun 13, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language Moderate
CVE-2025-35036 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 3, 2025
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
docarray prototype pollution Moderate
CVE-2025-5150 was published for docarray (pip) May 25, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database