GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,908
Composer 4,476
Erlang 33
GitHub Actions 24
Go 2,203
Maven 5,433
npm 3,857
NuGet 696
pip 3,639
Pub 12
RubyGems 912
Rust 913
Swift 38

Unreviewed advisories

All unreviewed 249,431

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

4,266 advisories

Filter by severity

Sort by

Least recently updated

Apache Kylin Code Injection via JDBC Configuration Alteration Low

CVE-2025-30067 was published for org.apache.kylin:kylin (Maven) Mar 27, 2025

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8... Moderate Unreviewed

CVE-2025-2867 was published Mar 27, 2025

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when... Critical Unreviewed

CVE-2025-26003 was published Mar 26, 2025

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare )... High Unreviewed

CVE-2025-2787 was published Mar 26, 2025

An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary... Moderate Unreviewed

CVE-2024-41643 was published Mar 26, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text... Critical Unreviewed

CVE-2025-28893 was published Mar 26, 2025

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to... Critical Unreviewed

CVE-2024-48818 was published Mar 25, 2025

A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to... Critical Unreviewed

CVE-2024-55028 was published Mar 25, 2025

An improper control of generation of code ('Code Injection') vulnerability in the... Critical Unreviewed

CVE-2024-45480 was published Mar 25, 2025

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to... Moderate Unreviewed

CVE-2025-29806 was published Mar 23, 2025

The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to... High Unreviewed

CVE-2025-2303 was published Mar 22, 2025

Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute... High Unreviewed

CVE-2025-29807 was published Mar 21, 2025

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a... High Unreviewed

CVE-2025-0185 was published Mar 20, 2025

A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev... High Unreviewed

CVE-2024-9880 was published Mar 20, 2025

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update... High Unreviewed

CVE-2024-9439 was published Mar 20, 2025

man-group dtale version <= 3.13.1 contains a vulnerability where the query parameters from the... High Unreviewed

CVE-2024-9016 was published Mar 20, 2025

A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an... Critical Unreviewed

CVE-2024-8581 was published Mar 20, 2025

A command injection vulnerability exists in the workflow-checker.yml workflow of significant... High Unreviewed

CVE-2024-8156 was published Mar 20, 2025

LoLLMS Code Injection vulnerability High

CVE-2024-6982 was published for lollms (pip) Mar 20, 2025

In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code... High Unreviewed

CVE-2024-10950 was published Mar 20, 2025

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF... High Unreviewed

CVE-2024-10252 was published Mar 20, 2025

An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to... Critical Unreviewed

CVE-2024-57061 was published Mar 19, 2025

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7... Critical Unreviewed

CVE-2025-29401 was published Mar 19, 2025

An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters... Critical Unreviewed

CVE-2024-55551 was published Mar 19, 2025

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR... High Unreviewed

CVE-2024-21760 was published Mar 18, 2025

Previous 1 2 3 4 5 … 170 171 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

4,266 advisories