Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,365 advisories

Loading
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE... High Unreviewed
CVE-2025-46579 was published Apr 27, 2025
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in... Moderate Unreviewed
CVE-2024-13812 was published Apr 26, 2025
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to... High Unreviewed
CVE-2025-3491 was published Apr 26, 2025
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in... High Unreviewed
CVE-2024-13808 was published Apr 26, 2025
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin... High Unreviewed
CVE-2025-2801 was published Apr 26, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository High
CVE-2025-3641 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository High
CVE-2025-3642 was published for moodle/moodle (Composer) Apr 25, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code... High Unreviewed
CVE-2025-3776 was published Apr 24, 2025
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user... High Unreviewed
CVE-2025-1976 was published Apr 24, 2025
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR... Moderate Unreviewed
CVE-2025-0618 was published Apr 23, 2025
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with... Critical Unreviewed
CVE-2025-43946 was published Apr 22, 2025
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php... Critical Unreviewed
CVE-2023-43958 was published Apr 22, 2025
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of... High Unreviewed
CVE-2025-23251 was published Apr 22, 2025
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-40446 was published Apr 22, 2025
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all... Moderate Unreviewed
CVE-2025-3472 was published Apr 22, 2025
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade... Critical Unreviewed
CVE-2025-29058 was published Apr 18, 2025
A Remote Code Execution (RCE) vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2025-3509 was published Apr 18, 2025
Pycel allows code injection via a crafted formula High
CVE-2024-53924 was published for pycel (pip) Apr 17, 2025
A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated... Critical Unreviewed
CVE-2025-29662 was published Apr 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the... High Unreviewed
CVE-2025-29039 was published Apr 17, 2025
Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run. High Unreviewed
CVE-2025-29661 was published Apr 17, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post... Critical Unreviewed
CVE-2025-32583 was published Apr 17, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real... High Unreviewed
CVE-2025-32596 was published Apr 17, 2025
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user... Critical Unreviewed
CVE-2024-56518 was published Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database