Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,654 advisories

Loading
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Isotr0py
DarkLight1337 russellb
Credited to Vancir, Isotr0py, DarkLight1337, and russellb
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass High
CVE-2025-66294 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) High
CVE-2025-66299 was published for getgrav/grav (Composer) Dec 2, 2025
justwove
Credited to justwove
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’... High Unreviewed
CVE-2024-39148 was published Dec 1, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components,... High Unreviewed
CVE-2025-33204 was published Nov 25, 2025
REDAXO CMS is vulnerable to RCE attack through its template management component High
CVE-2025-64050 was published for redaxo/source (Composer) Nov 25, 2025
Claude Code vulnerable to command execution prior to startup trust dialog High
CVE-2025-65099 was published for @anthropic-ai/claude-code (npm) Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10703 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10702 was published Nov 19, 2025
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,... High Unreviewed
CVE-2025-13035 was published Nov 19, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33184 was published Nov 18, 2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an... High Unreviewed
CVE-2025-33183 was published Nov 18, 2025
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is... High Unreviewed
CVE-2025-12733 was published Nov 13, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component... High Unreviewed
CVE-2025-33178 was published Nov 11, 2025
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious... High Unreviewed
CVE-2025-23361 was published Nov 11, 2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data... High Unreviewed
CVE-2025-23357 was published Nov 11, 2025
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a... High Unreviewed
CVE-2025-12637 was published Nov 11, 2025
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-9334 was published Nov 8, 2025
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient... High Unreviewed
CVE-2025-11093 was published Nov 5, 2025
expr-eval does not restrict functions passed to the evaluate function High
CVE-2025-12735 was published for expr-eval (npm) Nov 5, 2025
sei-vsarvepalli
Credited to sei-vsarvepalli
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54... High Unreviewed
CVE-2025-60785 was published Nov 3, 2025
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and... High Unreviewed
CVE-2025-6990 was published Nov 1, 2025
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code... High Unreviewed
CVE-2025-10487 was published Nov 1, 2025
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated... High Unreviewed
CVE-2025-48984 was published Oct 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database