Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,086 advisories

Loading
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote... High Unreviewed
CVE-2025-25246 was published Feb 5, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page... Critical Unreviewed
CVE-2025-24677 was published Feb 4, 2025
Improper control of generation of code in the sourcerer extension for Joomla in versions before... Critical Unreviewed
CVE-2025-22204 was published Feb 4, 2025
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by... Critical Unreviewed
CVE-2024-57099 was published Feb 3, 2025
The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution... Moderate Unreviewed
CVE-2024-12415 was published Jan 31, 2025
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode... High Unreviewed
CVE-2024-13472 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to create arbitrary files on affected... High Unreviewed
CVE-2024-23929 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2024-23920 was published Jan 31, 2025
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for... High Unreviewed
CVE-2024-11600 was published Jan 30, 2025
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is... High Unreviewed
CVE-2024-13453 was published Jan 30, 2025
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers... High Unreviewed
CVE-2024-10001 was published Jan 29, 2025
A Local Code Injection Vulnerability exists in the product and version listed above. The... High Unreviewed
CVE-2025-24482 was published Jan 28, 2025
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by... Moderate Unreviewed
CVE-2024-40673 was published Jan 28, 2025
A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS... High Unreviewed
CVE-2025-24159 was published Jan 28, 2025
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13499 was published Jan 22, 2025
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in... High Unreviewed
CVE-2024-13495 was published Jan 22, 2025
The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is... Critical Unreviewed
CVE-2024-42936 was published Jan 21, 2025
An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject... Moderate Unreviewed
CVE-2024-55504 was published Jan 21, 2025
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform... Critical Unreviewed
CVE-2025-22912 was published Jan 16, 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName... Critical Unreviewed
CVE-2025-22906 was published Jan 16, 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter... Critical Unreviewed
CVE-2025-22905 was published Jan 16, 2025
The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-10970 was published Jan 16, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7... High Unreviewed
CVE-2024-27856 was published Jan 15, 2025
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH... Critical Unreviewed
CVE-2025-22968 was published Jan 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database