Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-52720 was published Aug 14, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54669 was published Aug 14, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a... Critical Unreviewed
CVE-2025-24775 was published Aug 14, 2025
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials Critical
GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) Aug 13, 2025
Gamebuster19901
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password... Critical Unreviewed
CVE-2025-50251 was published Aug 13, 2025
Insufficient input validation leading to memory overread on the NetScaler Management Interface... Critical Unreviewed
CVE-2025-5777 was published Jun 17, 2025
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via... Critical Unreviewed
CVE-2012-10054 was published Aug 13, 2025
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of... Critical Unreviewed
CVE-2012-10055 was published Aug 13, 2025
Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH... Critical Unreviewed
CVE-2012-10060 was published Aug 13, 2025
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability... Critical Unreviewed
CVE-2025-34154 was published Aug 13, 2025
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of... Critical Unreviewed
CVE-2012-10058 was published Aug 13, 2025
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by... Critical Unreviewed
CVE-2011-10015 was published Aug 13, 2025
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection... Critical Unreviewed
CVE-2012-10059 was published Aug 13, 2025
Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php... Critical Unreviewed
CVE-2011-10017 was published Aug 13, 2025
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to... Critical Unreviewed
CVE-2011-10010 was published Aug 13, 2025
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where... Critical Unreviewed
CVE-2011-10011 was published Aug 13, 2025
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common... Critical Unreviewed
CVE-2011-10013 was published Aug 13, 2025
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when... Critical Unreviewed
CVE-2011-10016 was published Aug 13, 2025
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is... Critical Unreviewed
CVE-2025-8904 was published Aug 13, 2025
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to... Critical Unreviewed
CVE-2025-34153 was published Aug 13, 2025
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that... Critical Unreviewed
CVE-2021-35393 was published May 24, 2022
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.... Critical Unreviewed
CVE-2022-1292 was published May 4, 2022
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the... Critical Unreviewed
CVE-2025-6715 was published Aug 13, 2025
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2017-3248 was published May 14, 2022
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability,... Critical Unreviewed
CVE-2025-8913 was published Aug 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database