Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,862 advisories

Loading
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack... Critical Unreviewed
CVE-2013-10068 was published Aug 5, 2025
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary... Critical Unreviewed
CVE-2012-10026 was published Aug 5, 2025
Narcissus is vulnerable to remote code execution via improper input handling in its image... Critical Unreviewed
CVE-2012-10033 was published Aug 5, 2025
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the... Critical Unreviewed
CVE-2012-10035 was published Aug 5, 2025
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The... Critical Unreviewed
CVE-2013-10066 was published Aug 5, 2025
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user... Critical Unreviewed
CVE-2013-10070 was published Aug 5, 2025
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System... Critical Unreviewed
CVE-2014-125113 was published Aug 5, 2025
A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's... Critical Unreviewed
CVE-2013-10064 was published Aug 5, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration... Critical Unreviewed
CVE-2025-54253 was published Aug 5, 2025
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error... Critical Unreviewed
CVE-2025-46658 was published Aug 5, 2025
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index... Critical Unreviewed
CVE-2025-50707 was published Aug 5, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an... Critical Unreviewed
CVE-2025-2611 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54948 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54987 was published Aug 5, 2025
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on... Critical Unreviewed
CVE-2025-54982 was published Aug 5, 2025
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability Critical Unreviewed
CVE-2025-53417 was published Aug 5, 2025
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a... Critical Unreviewed
CVE-2025-27212 was published Aug 5, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report... Critical Unreviewed
CVE-2025-50754 was published Aug 4, 2025
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain... Critical Unreviewed
CVE-2025-50341 was published Aug 4, 2025
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured... Critical Unreviewed
CVE-2025-51387 was published Aug 4, 2025
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code... Critical Unreviewed
CVE-2025-52239 was published Aug 4, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34147 was published Aug 4, 2025
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection... Critical Unreviewed
CVE-2025-51390 was published Aug 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database