Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator... Critical Unreviewed
CVE-2025-8995 was published Aug 15, 2025
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-52395 was published Aug 21, 2025
An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8... Critical Unreviewed
CVE-2024-45438 was published Aug 21, 2025
Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF Critical
CVE-2025-54988 was published for org.apache.tika:tika-parser-pdf-module (Maven) Aug 20, 2025
Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-57154 was published Aug 20, 2025
A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro... Critical Unreviewed
CVE-2025-27214 was published Aug 21, 2025
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with... Critical Unreviewed
CVE-2025-27217 was published Aug 21, 2025
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a... Critical Unreviewed
CVE-2025-24285 was published Aug 21, 2025
Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access... Critical Unreviewed
CVE-2024-57155 was published Aug 20, 2025
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access... Critical Unreviewed
CVE-2024-57157 was published Aug 20, 2025
jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function Critical Unreviewed
CVE-2024-50640 was published Aug 20, 2025
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication... Critical Unreviewed
CVE-2025-50901 was published Aug 20, 2025
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025... Critical Unreviewed
CVE-2025-50904 was published Aug 20, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a... Critical Unreviewed
CVE-2025-53251 was published Aug 21, 2025
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing... Critical Unreviewed
CVE-2025-8895 was published Aug 21, 2025
A malicious client can bypass the client certificate trust check of an opc.https server when the... Critical Unreviewed
CVE-2025-7390 was published Aug 21, 2025
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class Critical
CVE-2025-53623 was published for job-iteration (RubyGems) Jul 14, 2025
calysteon yehuda-alt
Directus allows unauthenticated file upload and file modification due to lacking input sanitization Critical
CVE-2025-55746 was published for @directus/api (npm) Aug 20, 2025
r4bbit-r4
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid... Critical Unreviewed
CVE-2025-55031 was published Aug 19, 2025
An attacker was able to perform memory corruption in the GMP process which processes encrypted... Critical Unreviewed
CVE-2025-9179 was published Aug 19, 2025
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence... Critical Unreviewed
CVE-2025-9187 was published Aug 19, 2025
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution... Critical Unreviewed
CVE-2025-8611 was published Aug 20, 2025
AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution... Critical Unreviewed
CVE-2025-8610 was published Aug 20, 2025
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the... Critical Unreviewed
CVE-2011-10026 was published Aug 20, 2025
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed... Critical Unreviewed
CVE-2010-20103 was published Aug 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database