Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root... Critical Unreviewed
CVE-2025-44954 was published Aug 4, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits sfatzmw
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Critical Unreviewed
CVE-2025-36594 was published Aug 4, 2025
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded... Critical Unreviewed
CVE-2025-51536 was published Aug 4, 2025
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp dregad
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release... Critical Unreviewed
CVE-2025-6205 was published Aug 4, 2025
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2025-7710 was published Aug 2, 2025
Partner Software's Partner Software Product and corresponding Partner Web application use the... Critical Unreviewed
CVE-2025-6077 was published Aug 2, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... Critical Unreviewed
CVE-2013-10060 was published Aug 1, 2025
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10055 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically... Critical Unreviewed
CVE-2013-10049 was published Aug 1, 2025
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300... Critical Unreviewed
CVE-2013-10048 was published Aug 1, 2025
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows... Critical Unreviewed
CVE-2013-10047 was published Aug 1, 2025
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to... Critical Unreviewed
CVE-2013-10051 was published Aug 1, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the... Critical Unreviewed
CVE-2025-50870 was published Aug 1, 2025
The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through... Critical Unreviewed
CVE-2025-50472 was published Aug 1, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection... Critical Unreviewed
CVE-2025-52390 was published Aug 1, 2025
XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304)... Critical Unreviewed
CVE-2019-19144 was published Aug 1, 2025
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... Critical Unreviewed
CVE-2025-41371 was published Aug 1, 2025
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... Critical Unreviewed
CVE-2025-41370 was published Aug 1, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,... Critical Unreviewed
CVE-2025-8454 was published Aug 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database