Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error... Critical Unreviewed
CVE-2025-46658 was published Aug 5, 2025
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui... Critical Unreviewed
CVE-2024-11045 was published Mar 20, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
ptrgits sfatzmw
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
mrcnpp dregad
SwiftNIO SSL arbitrary code execution vulnerability Critical
CVE-2019-8849 was published for github.com/apple/swift-nio-ssl (Swift) May 24, 2022
morningstarxcdcode
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain... Critical Unreviewed
CVE-2025-50341 was published Aug 4, 2025
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection... Critical Unreviewed
CVE-2025-51390 was published Aug 4, 2025
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured... Critical Unreviewed
CVE-2025-51387 was published Aug 4, 2025
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a... Critical Unreviewed
CVE-2025-27212 was published Aug 5, 2025
Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report... Critical Unreviewed
CVE-2025-50754 was published Aug 4, 2025
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an... Critical Unreviewed
CVE-2025-2611 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54987 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54948 was published Aug 5, 2025
Partner Software's Partner Software Product and corresponding Partner Web application use the... Critical Unreviewed
CVE-2025-6077 was published Aug 2, 2025
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on... Critical Unreviewed
CVE-2025-54982 was published Aug 5, 2025
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability Critical Unreviewed
CVE-2025-53417 was published Aug 5, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code... Critical Unreviewed
CVE-2025-52239 was published Aug 4, 2025
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded... Critical Unreviewed
CVE-2025-51536 was published Aug 4, 2025
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304)... Critical Unreviewed
CVE-2019-19144 was published Aug 1, 2025
gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in... Critical Unreviewed
CVE-2020-25412 was published May 24, 2022
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10054 was published Aug 4, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34147 was published Aug 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database