Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,457 advisories

Loading
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific... Critical Unreviewed
CVE-2025-51451 was published Aug 13, 2025
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to... Critical Unreviewed
CVE-2025-34153 was published Aug 13, 2025
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a... Critical Unreviewed
CVE-2025-51452 was published Aug 13, 2025
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password... Critical Unreviewed
CVE-2025-50251 was published Aug 13, 2025
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability,... Critical Unreviewed
CVE-2025-8913 was published Aug 13, 2025
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function... Critical Unreviewed
CVE-2025-8760 was published Aug 13, 2025
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-7384 was published Aug 13, 2025
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the... Critical Unreviewed
CVE-2025-6715 was published Aug 13, 2025
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to... Critical Unreviewed
CVE-2025-49457 was published Aug 13, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')... Critical Unreviewed
CVE-2025-25256 was published Aug 12, 2025
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a... Critical Unreviewed
CVE-2025-53766 was published Aug 12, 2025
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to... Critical Unreviewed
CVE-2025-50165 was published Aug 12, 2025
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform... Critical Unreviewed
CVE-2025-50171 was published Aug 12, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet... Critical Unreviewed
CVE-2025-24325 was published Aug 12, 2025
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2).... Critical Unreviewed
CVE-2025-40746 was published Aug 12, 2025
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing... Critical Unreviewed
CVE-2025-8059 was published Aug 12, 2025
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a... Critical Unreviewed
CVE-2025-42950 was published Aug 12, 2025
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function... Critical Unreviewed
CVE-2025-42957 was published Aug 12, 2025
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via... Critical Unreviewed
CVE-2025-45146 was published Aug 11, 2025
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez... Critical Unreviewed
CVE-2012-10037 was published Aug 11, 2025
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in... Critical Unreviewed
CVE-2012-10038 was published Aug 11, 2025
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2... Critical Unreviewed
CVE-2012-10039 was published Aug 11, 2025
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device... Critical Unreviewed
CVE-2012-10040 was published Aug 11, 2025
Official Document Management System developed by 2100 Technology has an Authentication Bypass... Critical Unreviewed
CVE-2025-8853 was published Aug 11, 2025
Kernel software installed and running inside an untrusted/rich execution environment (REE) could... Critical Unreviewed
CVE-2025-6573 was published Aug 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database