GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
111,581 advisories
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat... (High, Unreviewed): CVE-2025-2417 was published Sep 4, 2025
2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle... (High, Unreviewed): CVE-2024-47258 was published Feb 6, 2025
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning (High): GHSA-ph6w-f82w-28w6 was published for @anthropic-ai/claude-code (npm) Sep 3, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... (High, Unreviewed): CVE-2025-58637 was published Sep 3, 2025
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day &... (High, Unreviewed): CVE-2025-58642 was published Sep 3, 2025
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL... (High, Unreviewed): CVE-2025-58644 was published Sep 3, 2025
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes –... (High, Unreviewed): CVE-2025-58643 was published Sep 3, 2025
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in... (High, Unreviewed): CVE-2025-57150 was published Sep 3, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... (High, Unreviewed): CVE-2025-58604 was published Sep 3, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... (High, Unreviewed): CVE-2025-58608 was published Sep 3, 2025
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability... (High, Unreviewed): CVE-2025-47421 was published Sep 3, 2025
phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin... (High, Unreviewed): CVE-2025-57151 was published Sep 3, 2025
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk... (High, Unreviewed): CVE-2025-2416 was published Sep 3, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore... (High, Unreviewed): CVE-2025-53694 was published Sep 3, 2025
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore... (High, Unreviewed): CVE-2025-53691 was published Sep 3, 2025
Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing. This issue... (High, Unreviewed): CVE-2024-13068 was published Sep 3, 2025
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service ... (High, Unreviewed): CVE-2014-125127 was published Sep 3, 2025
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to... (High, Unreviewed): CVE-2025-55177 was published Aug 29, 2025
domain-suffix RegEx Denial of Service (High): CVE-2024-25354 was published for domain-suffix (npm) Mar 28, 2024
XStream can be used for Remote Code Execution (High): CVE-2020-26217 was published for com.thoughtworks.xstream:xstream (Maven) Nov 16, 2020
Unrestricted Upload of File with Dangerous Type Apache Tomcat (High): CVE-2017-12617 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 14, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat (High): CVE-2016-8745 was published for org.apache.tomcat:tomcat-util (Maven) May 14, 2022
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) (High): CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race... (High, Unreviewed): CVE-2025-38352 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API