Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4... Critical Unreviewed
CVE-2025-34101 was published Jul 10, 2025
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009)... Critical Unreviewed
CVE-2025-34102 was published Jul 10, 2025
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of... Critical Unreviewed
CVE-2025-34100 was published Jul 10, 2025
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2... Critical Unreviewed
CVE-2025-34099 was published Jul 10, 2025
An unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin ≤... Critical Unreviewed
CVE-2025-34083 was published Jul 9, 2025
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol ... Critical Unreviewed
CVE-2025-34072 was published Jul 2, 2025
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum... Critical Unreviewed
CVE-2025-34060 was published Jul 1, 2025
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the... Critical Unreviewed
CVE-2025-34055 was published Jul 1, 2025
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi... Critical Unreviewed
CVE-2025-34054 was published Jul 1, 2025
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the... Critical Unreviewed
CVE-2025-34056 was published Jul 1, 2025
An OS command injection vulnerability exists in various models of E-Series Linksys routers via... Critical Unreviewed
CVE-2025-34037 was published Jun 26, 2025
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting... Critical Unreviewed
CVE-2025-34036 was published Jun 26, 2025
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version... Critical Unreviewed
CVE-2025-34049 was published Jun 26, 2025
A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1... Critical Unreviewed
CVE-2025-34043 was published Jun 26, 2025
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware... Critical Unreviewed
CVE-2025-34042 was published Jun 26, 2025
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7... Critical Unreviewed
CVE-2025-34044 was published Jun 26, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system... Critical Unreviewed
CVE-2025-25038 was published Jun 20, 2025
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and... Critical Unreviewed
CVE-2025-34024 was published Jun 20, 2025
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot... Critical Unreviewed
CVE-2025-34030 was published Jun 20, 2025
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an... Critical Unreviewed
CVE-2024-1244 was published Jun 11, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
An improper input validation discovered in Avaya Call Management System could allow an... Critical Unreviewed
CVE-2025-1041 was published Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database