GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,942
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,859 advisories
Active Storage allowed transformation methods that were potentially unsafe
Critical. CVE-2025-24293 was published for activestorage (RubyGems), Aug 14, 2025

m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Critical. GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions), Aug 13, 2025

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via...
Critical, Unreviewed. CVE-2012-10054 was published Aug 13, 2025

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of...
Critical, Unreviewed. CVE-2012-10055 was published Aug 13, 2025

Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH...
Critical, Unreviewed. CVE-2012-10060 was published Aug 13, 2025

Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php...
Critical, Unreviewed. CVE-2011-10017 was published Aug 13, 2025

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The...
Critical, Unreviewed. CVE-2011-10018 was published Aug 13, 2025

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of...
Critical, Unreviewed. CVE-2012-10058 was published Aug 13, 2025

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability...
Critical, Unreviewed. CVE-2025-34154 was published Aug 13, 2025

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection...
Critical, Unreviewed. CVE-2012-10059 was published Aug 13, 2025

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its...
Critical, Unreviewed. CVE-2011-10019 was published Aug 13, 2025

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service...
Critical, Unreviewed. CVE-2025-43986 was published Aug 13, 2025

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by...
Critical, Unreviewed. CVE-2025-43982 was published Aug 13, 2025

Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when...
Critical, Unreviewed. CVE-2011-10016 was published Aug 13, 2025

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to...
Critical, Unreviewed. CVE-2011-10010 was published Aug 13, 2025

WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where...
Critical, Unreviewed. CVE-2011-10011 was published Aug 13, 2025

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common...
Critical, Unreviewed. CVE-2011-10013 was published Aug 13, 2025

Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by...
Critical, Unreviewed. CVE-2011-10015 was published Aug 13, 2025

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is...
Critical, Unreviewed. CVE-2025-8904 was published Aug 13, 2025

An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code...
Critical, Unreviewed. CVE-2025-52385 was published Aug 13, 2025

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings...
Critical, Unreviewed. CVE-2025-50594 was published Aug 13, 2025

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific...
Critical, Unreviewed. CVE-2025-51451 was published Aug 13, 2025

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to...
Critical, Unreviewed. CVE-2025-34153 was published Aug 13, 2025

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a...
Critical, Unreviewed. CVE-2025-51452 was published Aug 13, 2025

Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password...
Critical, Unreviewed. CVE-2025-50251 was published Aug 13, 2025

ProTip! Advisories are also available from the GraphQL API.