Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,849 advisories

Loading
A vulnerability was identified in Docker Desktop that allows local running Linux containers to... Critical Unreviewed
CVE-2025-9074 was published Aug 20, 2025
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in... Critical Unreviewed
CVE-2009-10006 was published Aug 22, 2025
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c... Critical Unreviewed
CVE-2023-47212 was published May 1, 2024
An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.  Critical Unreviewed
CVE-2024-28751 was published Jul 9, 2024
The devices are vulnerable to an authentication bypass due to flaws in the authorization... Critical Unreviewed
CVE-2025-41652 was published May 27, 2025
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2025-9254 was published Aug 22, 2025
Active Storage allowed transformation methods that were potentially unsafe Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
th4s1s
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a... Critical Unreviewed
CVE-2010-20115 was published Aug 21, 2025
Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer... Critical Unreviewed
CVE-2010-20122 was published Aug 21, 2025
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-53763 was published Aug 21, 2025
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS... Critical Unreviewed
CVE-2025-3128 was published Aug 21, 2025
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-53795 was published Aug 21, 2025
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by... Critical Unreviewed
CVE-2010-20112 was published Aug 21, 2025
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user... Critical Unreviewed
CVE-2025-52352 was published Aug 21, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator... Critical Unreviewed
CVE-2025-8995 was published Aug 15, 2025
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-52395 was published Aug 21, 2025
An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8... Critical Unreviewed
CVE-2024-45438 was published Aug 21, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-57154 was published Aug 20, 2025
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro... Critical Unreviewed
CVE-2025-27214 was published Aug 21, 2025
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with... Critical Unreviewed
CVE-2025-27217 was published Aug 21, 2025
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a... Critical Unreviewed
CVE-2025-24285 was published Aug 21, 2025
Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access... Critical Unreviewed
CVE-2024-57155 was published Aug 20, 2025
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access... Critical Unreviewed
CVE-2024-57157 was published Aug 20, 2025
jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function Critical Unreviewed
CVE-2024-50640 was published Aug 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database