Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow... Critical Unreviewed
CVE-2025-7768 was published Aug 6, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either... Critical Unreviewed
CVE-2025-30127 was published Aug 6, 2025
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker... Critical Unreviewed
CVE-2025-23317 was published Aug 6, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... Critical Unreviewed
CVE-2025-23310 was published Aug 6, 2025
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack... Critical Unreviewed
CVE-2025-23311 was published Aug 6, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration... Critical Unreviewed
CVE-2025-54253 was published Aug 5, 2025
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow... Critical Unreviewed
CVE-2025-22470 was published Aug 6, 2025
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2025-6994 was published Aug 6, 2025
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack... Critical Unreviewed
CVE-2013-10068 was published Aug 5, 2025
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System... Critical Unreviewed
CVE-2014-125113 was published Aug 5, 2025
A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's... Critical Unreviewed
CVE-2013-10064 was published Aug 5, 2025
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload... Critical Unreviewed
CVE-2012-10027 was published Aug 5, 2025
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload... Critical Unreviewed
CVE-2013-10067 was published Aug 5, 2025
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file... Critical Unreviewed
CVE-2012-10025 was published Aug 5, 2025
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary... Critical Unreviewed
CVE-2012-10026 was published Aug 5, 2025
Narcissus is vulnerable to remote code execution via improper input handling in its image... Critical Unreviewed
CVE-2012-10033 was published Aug 5, 2025
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the... Critical Unreviewed
CVE-2012-10035 was published Aug 5, 2025
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The... Critical Unreviewed
CVE-2013-10066 was published Aug 5, 2025
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user... Critical Unreviewed
CVE-2013-10070 was published Aug 5, 2025
The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev... Critical Unreviewed
CVE-2013-10069 was published Aug 5, 2025
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index... Critical Unreviewed
CVE-2025-50707 was published Aug 5, 2025
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error... Critical Unreviewed
CVE-2025-46658 was published Aug 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database