GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,230
Composer 4,347
Erlang 31
GitHub Actions 22
Go 2,117
Maven 5,289
npm 3,768
NuGet 680
pip 3,457
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,619

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

526 advisories

Filter by severity

Sort by

Least recently updated

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an... Critical Unreviewed

CVE-2025-1011 was published Feb 4, 2025

: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in... Critical Unreviewed

CVE-2024-49271 was published Oct 16, 2024

Improper control of generation of code in the sourcerer extension for Joomla in versions before... Critical Unreviewed

CVE-2025-22204 was published Feb 4, 2025

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by... Critical Unreviewed

CVE-2024-57099 was published Feb 3, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page... Critical Unreviewed

CVE-2025-24677 was published Feb 4, 2025

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code... Critical Unreviewed

CVE-2023-30404 was published Apr 26, 2023

An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2023-29861 was published May 15, 2023

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET... Critical Unreviewed

CVE-2023-25717 was published Feb 13, 2023

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed

CVE-2022-3236 was published Sep 25, 2022

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code... Critical Unreviewed

CVE-2017-7494 was published May 14, 2022

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection... Critical Unreviewed

CVE-2024-23692 was published May 31, 2024

PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. Critical Unreviewed

CVE-2022-47129 was published May 11, 2023

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute... Critical Unreviewed

CVE-2023-29862 was published May 15, 2023

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is... Critical Unreviewed

CVE-2024-42936 was published Jan 21, 2025

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file... Critical Unreviewed

CVE-2024-54724 was published Jan 9, 2025

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH... Critical Unreviewed

CVE-2025-22968 was published Jan 15, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform... Critical Unreviewed

CVE-2025-22912 was published Jan 16, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName... Critical Unreviewed

CVE-2025-22906 was published Jan 16, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter... Critical Unreviewed

CVE-2025-22905 was published Jan 16, 2025

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 ... Critical Unreviewed

CVE-2022-34821 was published Jul 13, 2022

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call... Critical Unreviewed

CVE-2023-28354 was published Jan 10, 2025

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to... Critical Unreviewed

CVE-2024-50658 was published Jan 7, 2025

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-50660 was published Jan 7, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all... Critical Unreviewed

CVE-2024-11635 was published Jan 8, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary... Critical Unreviewed

CVE-2024-11613 was published Jan 8, 2025

Previous 1 2 3 4 5 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

526 advisories