Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,868 advisories

Loading
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if... Critical Unreviewed
CVE-2024-1039 was published Feb 2, 2024
Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53792 was published Aug 7, 2025
Azure OpenAI Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53767 was published Aug 7, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34152 was published Aug 7, 2025
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on... Critical Unreviewed
CVE-2025-34151 was published Aug 7, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34148 was published Aug 7, 2025
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02... Critical Unreviewed
CVE-2025-34150 was published Aug 7, 2025
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model... Critical Unreviewed
CVE-2025-34149 was published Aug 7, 2025
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following... Critical Unreviewed
CVE-2025-44658 was published Jul 21, 2025
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
Remote code injection in Log4j Critical
GHSA-94g7-hpv8-h9qm was published for com.splunk.logging:splunk-library-javalogging (Maven) Dec 14, 2021
natstatenet
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML... Critical Unreviewed
CVE-2025-49796 was published Jun 16, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath... Critical Unreviewed
CVE-2025-49794 was published Jun 16, 2025
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow... Critical Unreviewed
CVE-2025-7768 was published Aug 6, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either... Critical Unreviewed
CVE-2025-30127 was published Aug 6, 2025
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution Critical
CVE-2024-32651 was published for changedetection.io (pip) Oct 15, 2024
edoardottt dgtlmoon
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker... Critical Unreviewed
CVE-2025-23317 was published Aug 6, 2025
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack... Critical Unreviewed
CVE-2025-23311 was published Aug 6, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... Critical Unreviewed
CVE-2025-23310 was published Aug 6, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration... Critical Unreviewed
CVE-2025-54253 was published Aug 5, 2025
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow... Critical Unreviewed
CVE-2025-22470 was published Aug 6, 2025
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2025-6994 was published Aug 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database