Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,013 advisories

Loading
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote... Critical Unreviewed
CVE-2024-10131 was published Oct 19, 2024
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16.... Critical Unreviewed
CVE-2022-4364 was published Dec 8, 2022
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37133 was published Oct 14, 2025
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this... Moderate Unreviewed
CVE-2024-5195 was published May 22, 2024
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an... Moderate Unreviewed
CVE-2024-5196 was published May 22, 2024
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2024-5194 was published May 22, 2024
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37134 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the command line interface binary of... Moderate Unreviewed
CVE-2025-37138 was published Oct 14, 2025
A vulnerability in the web-based management interface of network access point configuration... High Unreviewed
CVE-2025-37146 was published Oct 14, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics... Critical Unreviewed
CVE-2024-10035 was published Nov 4, 2024
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of... Moderate Unreviewed
CVE-2025-60268 was published Oct 10, 2025
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2025-60838 was published Oct 10, 2025
A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0.... Moderate Unreviewed
CVE-2025-2701 was published Mar 24, 2025
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11523 was published Oct 9, 2025
MCPHub's ServerController is vulnerable to Command Injection Low
CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart... Moderate Unreviewed
CVE-2025-56426 was published Oct 9, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59286 was published Oct 9, 2025
M365 Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59252 was published Oct 9, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59272 was published Oct 9, 2025
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element... Moderate Unreviewed
CVE-2025-11491 was published Oct 8, 2025
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected... Moderate Unreviewed
CVE-2025-11490 was published Oct 8, 2025
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function... Moderate Unreviewed
CVE-2025-11407 was published Oct 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database