Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

4,732 advisories

Loading
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is... Moderate Unreviewed
CVE-2025-59302 was published Nov 27, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components,... High Unreviewed
CVE-2025-33204 was published Nov 25, 2025
REDAXO CMS is vulnerable to RCE attack through its template management component High
CVE-2025-64050 was published for redaxo/source (Composer) Nov 25, 2025
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions... Critical Unreviewed
CVE-2025-6389 was published Nov 25, 2025
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter Critical
CVE-2025-65108 was published for md-to-pdf (npm) Nov 20, 2025
Prodigysec
Credited to Prodigysec
Claude Code vulnerable to command execution prior to startup trust dialog High
CVE-2025-65099 was published for @anthropic-ai/claude-code (npm) Nov 19, 2025
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript Moderate
CVE-2025-65026 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10702 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10703 was published Nov 19, 2025
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,... High Unreviewed
CVE-2025-13035 was published Nov 19, 2025
The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks... Moderate Unreviewed
CVE-2025-63693 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33184 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33183 was published Nov 18, 2025
The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is... Moderate Unreviewed
CVE-2025-7711 was published Nov 18, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode Critical
CVE-2025-12762 was published for pgadmin4 (pip) Nov 13, 2025
jonbally
Credited to jonbally
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is... High Unreviewed
CVE-2025-12733 was published Nov 13, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of... Moderate Unreviewed
CVE-2024-48829 was published Nov 12, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component... High Unreviewed
CVE-2025-33178 was published Nov 11, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data... High Unreviewed
CVE-2025-23357 was published Nov 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious... High Unreviewed
CVE-2025-23361 was published Nov 11, 2025
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a... High Unreviewed
CVE-2025-12637 was published Nov 11, 2025
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in... Critical Unreviewed
CVE-2025-12813 was published Nov 11, 2025
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert... Critical Unreviewed
CVE-2025-42887 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database