GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,606
Maven: 5,000+
npm: 5,000+
NuGet: 924
pip: 4,831
Pub: 13
RubyGems: 1,045
Rust: 1,256
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
15 advisories
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe...
Critical | Unreviewed | CVE-2026-4851 was published Mar 29, 2026
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code...
Critical | Unreviewed | CVE-2026-4001 was published Mar 24, 2026
Affected devices do not properly sanitize contents of trace files. This could allow an attacker...
Critical | Unreviewed | CVE-2025-40943 was published Mar 10, 2026
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This...
Critical | Unreviewed | CVE-2026-0769 was published Jan 23, 2026
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python...
Critical | Unreviewed | CVE-2025-54322 was published Dec 27, 2025
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the...
Critical | Unreviewed | CVE-2025-12140 was published Nov 27, 2025
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human...
Critical | Unreviewed | CVE-2011-10033 was published Oct 15, 2025
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user...
Critical | Unreviewed | CVE-2013-10070 was published Aug 5, 2025
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to...
Critical | Unreviewed | CVE-2013-10051 was published Aug 1, 2025
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the...
Critical | Unreviewed | CVE-2025-26845 was published May 8, 2025
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to...
Critical | Unreviewed | CVE-2024-8512 was published Oct 30, 2024
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an...
Critical | Unreviewed | CVE-2024-7954 was published Aug 23, 2024
calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability...
Critical | Unreviewed | CVE-2024-39173 was published Jul 18, 2024
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows...
Critical | Unreviewed | CVE-2023-0090 was published Mar 8, 2023
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval...
Critical | Unreviewed | CVE-2021-23277 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.