Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,457 advisories

Loading
The Sante PACS Server Web Portal sends credential information without encryption. Critical Unreviewed
CVE-2025-54156 was published Aug 19, 2025
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability... Critical Unreviewed
CVE-2025-55591 was published Aug 18, 2025
A security issue exists due to improper handling of malformed CIP Forward Close packets during... Critical Unreviewed
CVE-2025-7693 was published Aug 18, 2025
In vowifi service, there is a possible command injection due to improper input validation. This... Critical Unreviewed
CVE-2025-31715 was published Aug 18, 2025
The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-8898 was published Aug 16, 2025
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to... Critical Unreviewed
CVE-2025-7441 was published Aug 16, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator... Critical Unreviewed
CVE-2025-8995 was published Aug 15, 2025
A vulnerability has been found in the  MSoft MFlash application that allows execution of... Critical Unreviewed
CVE-2025-9060 was published Aug 15, 2025
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for... Critical Unreviewed
CVE-2025-54473 was published Aug 15, 2025
The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to... Critical Unreviewed
CVE-2025-7778 was published Aug 15, 2025
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-6679 was published Aug 15, 2025
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center... Critical Unreviewed
CVE-2025-20265 was published Aug 14, 2025
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of... Critical Unreviewed
CVE-2025-50518 was published Aug 14, 2025
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of... Critical Unreviewed
CVE-2025-8875 was published Aug 14, 2025
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This... Critical Unreviewed
CVE-2025-8876 was published Aug 14, 2025
KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control... Critical Unreviewed
CVE-2025-43983 was published Aug 14, 2025
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid... Critical Unreviewed
CVE-2025-27845 was published Aug 14, 2025
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation... Critical Unreviewed
CVE-2025-7353 was published Aug 14, 2025
An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software... Critical Unreviewed
CVE-2025-43984 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54678 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54707 was published Aug 14, 2025
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection.... Critical Unreviewed
CVE-2025-54686 was published Aug 14, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload... Critical Unreviewed
CVE-2025-54693 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-52720 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49059 was published Aug 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database