GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,128
NuGet: 735
pip: 3,944
Pub: 12
RubyGems: 945
Rust: 1,024
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
111,595 advisories

Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This...
High | Unreviewed | CVE-2025-7975 was published Sep 2, 2025

Soft Serve vulnerable to arbitrary file writing through SSH API
High | CVE-2025-58355 was published for github.com/charmbracelet/soft-serve (Go) Sep 2, 2025

mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
High | CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025

Command Injection via sonarqube-scan-action GitHub Action
High | CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025

arenavec has multiple memory corruption vulnerabilities in safe APIs
High | GHSA-3632-54q8-m96x was published for arenavec (Rust) Sep 2, 2025

PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High | GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025

ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
High | CVE-2025-57808 was published for esphome (pip) Sep 2, 2025

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element...
High | Unreviewed | CVE-2025-9815 was published Sep 2, 2025

Undertow MadeYouReset HTTP/2 DDoS Vulnerability
High | CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor...
High | Unreviewed | CVE-2025-2413 was published Sep 2, 2025

In monitor_hang, there is a possible memory corruption due to use after free. This could lead to...
High | Unreviewed | CVE-2025-20705 was published Sep 2, 2025

A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code...
High | Unreviewed | CVE-2025-9791 was published Sep 2, 2025

In BootRom, there is a possible unchecked write address. This could lead to local escalation of...
High | Unreviewed | CVE-2022-38694 was published Sep 2, 2025

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead...
High | Unreviewed | CVE-2025-20704 was published Sep 2, 2025

In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could...
High | Unreviewed | CVE-2025-20703 was published Sep 2, 2025

In mbrain, there is a possible memory corruption due to use after free. This could lead to local...
High | Unreviewed | CVE-2025-20706 was published Sep 2, 2025

In BootRom, there's a possible unchecked command index. This could lead to local escalation of...
High | Unreviewed | CVE-2022-38695 was published Sep 2, 2025

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could...
High | Unreviewed | CVE-2025-20708 was published Sep 2, 2025

In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to...
High | Unreviewed | CVE-2022-38691 was published Sep 2, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-47696 was published Aug 31, 2025

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager...
High | Unreviewed | CVE-2024-32589 was published Aug 31, 2025

A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12...
High | Unreviewed | CVE-2025-34164 was published Aug 30, 2025

A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12...
High | Unreviewed | CVE-2025-34165 was published Aug 30, 2025

An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the...
High | Unreviewed | CVE-2025-56577 was published Aug 29, 2025

Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute...
High | Unreviewed | CVE-2023-41471 was published Aug 29, 2025

ProTip! Advisories are also available from the GraphQL API.