Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. High Unreviewed
CVE-2020-8644 was published May 24, 2022
Unraid through 6.8.0 allows Remote Code Execution. High Unreviewed
CVE-2020-5847 was published May 24, 2022
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter... High Unreviewed
CVE-2019-16759 was published May 24, 2022
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi... High Unreviewed
CVE-2024-42911 was published Jan 15, 2025
This vulnerability allows network-adjacent attackers to create arbitrary files on affected... High Unreviewed
CVE-2024-23929 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2024-23920 was published Jan 31, 2025
A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10... High Unreviewed
CVE-2024-53561 was published Jan 14, 2025
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2024-13472 was published Jan 31, 2025
European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute... High Unreviewed
CVE-2023-26546 was published May 2, 2023
Remote Code Execution on click of <a> Link in markdown preview High
CVE-2024-49362 was published for joplin (npm) Nov 14, 2024
jackfromeast gshanbhag525
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for... High Unreviewed
CVE-2024-11600 was published Jan 30, 2025
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is... High Unreviewed
CVE-2024-13453 was published Jan 30, 2025
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability... High Unreviewed
CVE-2023-29963 was published May 6, 2023
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers... High Unreviewed
CVE-2024-10001 was published Jan 29, 2025
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the... High Unreviewed
CVE-2023-22952 was published Jan 11, 2023
A Local Code Injection Vulnerability exists in the product and version listed above. The... High Unreviewed
CVE-2025-24482 was published Jan 28, 2025
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS... High Unreviewed
CVE-2025-24159 was published Jan 28, 2025
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote... High Unreviewed
CVE-2022-47879 was published May 12, 2023
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts.... High Unreviewed
CVE-2023-24539 was published May 11, 2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty... High Unreviewed
CVE-2023-29400 was published May 11, 2023
An authenticated parameter injection vulnerability exists in the web-based management interface... High Unreviewed
CVE-2025-23051 was published Jan 14, 2025
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability High
GHSA-j2v2-3784-vr44 was published for opencart/opencart (Composer) Dec 18, 2024 withdrawn
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and... High Unreviewed
CVE-2015-1635 was published May 14, 2022
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13499 was published Jan 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database