GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,250
Composer 4,350
Erlang 31
GitHub Actions 22
Go 2,119
Maven 5,292
npm 3,778
NuGet 680
pip 3,459
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,721

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

527 advisories

Filter by severity

Sort by

Least recently updated

Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page... Critical Unreviewed

CVE-2025-24677 was published Feb 4, 2025

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an... Critical Unreviewed

CVE-2025-1011 was published Feb 4, 2025

Improper control of generation of code in the sourcerer extension for Joomla in versions before... Critical Unreviewed

CVE-2025-22204 was published Feb 4, 2025

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by... Critical Unreviewed

CVE-2024-57099 was published Feb 3, 2025

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is... Critical Unreviewed

CVE-2024-42936 was published Jan 21, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName... Critical Unreviewed

CVE-2025-22906 was published Jan 16, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform... Critical Unreviewed

CVE-2025-22912 was published Jan 16, 2025

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter... Critical Unreviewed

CVE-2025-22905 was published Jan 16, 2025

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH... Critical Unreviewed

CVE-2025-22968 was published Jan 15, 2025

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call... Critical Unreviewed

CVE-2023-28354 was published Jan 10, 2025

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file... Critical Unreviewed

CVE-2024-54724 was published Jan 9, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all... Critical Unreviewed

CVE-2024-11635 was published Jan 8, 2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary... Critical Unreviewed

CVE-2024-11613 was published Jan 8, 2025

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to... Critical Unreviewed

CVE-2024-50658 was published Jan 7, 2025

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary... Critical Unreviewed

CVE-2024-50660 was published Jan 7, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP... Critical Unreviewed

CVE-2024-56278 was published Jan 7, 2025

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing... Critical Unreviewed

CVE-2024-12252 was published Jan 7, 2025

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Critical Unreviewed

CVE-2024-55529 was published Jan 6, 2025

A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script... Critical Unreviewed

CVE-2024-12652 was published Dec 26, 2024

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell... Critical Unreviewed

CVE-2024-12372 was published Dec 18, 2024

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5... Critical Unreviewed

CVE-2023-34990 was published Dec 18, 2024

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in... Critical Unreviewed

CVE-2024-55085 was published Dec 17, 2024

ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval()... Critical Unreviewed

CVE-2024-21577 was published Dec 13, 2024

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in... Critical Unreviewed

CVE-2024-21576 was published Dec 13, 2024

The issue stems from a missing validation of the pip field in a POST request sent to the ... Critical Unreviewed

CVE-2024-21574 was published Dec 12, 2024

Previous 1 2 3 4 5 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

527 advisories