GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,454
Erlang: 33
GitHub Actions: 22
Go: 2,153
Maven: 5,000+
npm: 3,818
NuGet: 693
pip: 3,492
Pub: 12
RubyGems: 902
Rust: 903
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
4,192 advisories
The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in...
Moderate | Unreviewed | CVE-2024-13895 was published Mar 8, 2025

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
High | Unreviewed | CVE-2024-13890 was published Mar 8, 2025

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported...
Moderate | Unreviewed | CVE-2024-50405 was published Mar 7, 2025

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported...
High | Unreviewed | CVE-2024-53693 was published Mar 7, 2025

Spacy-LLM Server-Side Template Injection (SSTI) vulnerability
High | CVE-2025-25362 was published for spacy-llm (pip) Mar 5, 2025

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index...
Critical | Unreviewed | CVE-2025-25789 was published Mar 5, 2025

The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all...
Moderate | Unreviewed | CVE-2024-13815 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27678 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27657 was published Mar 5, 2025

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary...
Moderate | Unreviewed | CVE-2025-26182 was published Mar 4, 2025

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows...
Critical | Unreviewed | CVE-2024-50707 was published Mar 4, 2025

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows...
Critical | Unreviewed | CVE-2024-50704 was published Mar 4, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme...
Critical | Unreviewed | CVE-2025-26970 was published Mar 3, 2025

Stage.js DOM Clobbering vulnerability
Moderate | CVE-2024-53386 was published for stage-js (npm) Mar 3, 2025

PrismJS DOM Clobbering vulnerability
Moderate | CVE-2024-53382 was published for prismjs (npm) Mar 3, 2025

The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all...
Moderate | Unreviewed | CVE-2024-13806 was published Mar 1, 2025

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows...
Critical | Unreviewed | CVE-2025-27554 was published Mar 1, 2025

GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE)...
High | Unreviewed | CVE-2025-26264 was published Feb 28, 2025

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior...
Critical | Unreviewed | CVE-2024-41339 was published Feb 27, 2025

Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860...
Critical | Unreviewed | CVE-2024-41334 was published Feb 27, 2025

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0...
Critical | Unreviewed | CVE-2024-53944 was published Feb 27, 2025

Mautic allows Remote Code Execution and File Deletion in Asset Uploads
Critical | CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025

The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution...
High | Unreviewed | CVE-2025-1509 was published Feb 22, 2025

The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode...
High | Unreviewed | CVE-2025-1510 was published Feb 22, 2025

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated...
Moderate | Unreviewed | CVE-2019-8900 was published Feb 22, 2025
ProTip! Advisories are also available from the GraphQL API.