Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,457 advisories

Loading
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-31330 was published Apr 8, 2025
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to... High Unreviewed
CVE-2025-23186 was published Apr 8, 2025
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-27429 was published Apr 8, 2025
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function... Moderate Unreviewed
CVE-2025-30013 was published Apr 8, 2025
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
CVE-2025-3248 was published for langflow (pip) Apr 7, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a... Critical Unreviewed
CVE-2025-28146 was published Apr 4, 2025
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all... Critical Unreviewed
CVE-2024-13645 was published Apr 4, 2025
insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can... High Unreviewed
CVE-2024-45199 was published Apr 3, 2025
Netwrix Password Secure through 9.2 allows command injection. Critical Unreviewed
CVE-2025-26818 was published Apr 3, 2025
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2025-29064 was published Apr 3, 2025
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject... High Unreviewed
CVE-2024-45198 was published Apr 3, 2025
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been... Moderate Unreviewed
CVE-2025-3164 was published Apr 3, 2025
InternLM LMDeploy code injection vulnerability Moderate
CVE-2025-3163 was published for lmdeploy (pip) Apr 3, 2025
pgAdmin 4 Vulnerable to Remote Code Execution Critical
CVE-2025-2945 was published for pgadmin4 (pip) Apr 3, 2025
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets... Critical Unreviewed
CVE-2025-30580 was published Apr 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit... Critical Unreviewed
CVE-2025-30911 was published Apr 1, 2025
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS... High Unreviewed
CVE-2025-24243 was published Apr 1, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54805 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54804 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi... Critical Unreviewed
CVE-2024-54806 was published Mar 31, 2025
In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in... Critical Unreviewed
CVE-2024-54807 was published Mar 31, 2025
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a... Critical Unreviewed
CVE-2024-54803 was published Mar 31, 2025
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in... High Unreviewed
CVE-2025-2803 was published Mar 29, 2025
The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode... Moderate Unreviewed
CVE-2024-13557 was published Mar 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database