Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,868 advisories

Loading
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54987 was published Aug 5, 2025
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre... Critical Unreviewed
CVE-2025-54948 was published Aug 5, 2025
Partner Software's Partner Software Product and corresponding Partner Web application use the... Critical Unreviewed
CVE-2025-6077 was published Aug 2, 2025
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on... Critical Unreviewed
CVE-2025-54982 was published Aug 5, 2025
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability Critical Unreviewed
CVE-2025-53417 was published Aug 5, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code... Critical Unreviewed
CVE-2025-52239 was published Aug 4, 2025
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded... Critical Unreviewed
CVE-2025-51536 was published Aug 4, 2025
XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304)... Critical Unreviewed
CVE-2019-19144 was published Aug 1, 2025
gnuplot 5.4 is affected by a segmentation fault in com_line () at command.c, which may result in... Critical Unreviewed
CVE-2020-25412 was published May 24, 2022
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi... Critical Unreviewed
CVE-2025-34147 was published Aug 4, 2025
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10054 was published Aug 4, 2025
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker... Critical Unreviewed
CVE-2025-44963 was published Aug 4, 2025
In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP... Critical Unreviewed
CVE-2025-44961 was published Aug 4, 2025
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root... Critical Unreviewed
CVE-2025-44954 was published Aug 4, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Critical Unreviewed
CVE-2025-36594 was published Aug 4, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input Critical
CVE-2025-30223 was published for github.com/beego/beego (Go) Mar 31, 2025
thevilledev
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release... Critical Unreviewed
CVE-2025-6205 was published Aug 4, 2025
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the... Critical Unreviewed
CVE-2025-46059 was published Jul 29, 2025
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2025-7710 was published Aug 2, 2025
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the... Critical Unreviewed
CVE-2025-50870 was published Aug 1, 2025
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows... Critical Unreviewed
CVE-2013-10047 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... Critical Unreviewed
CVE-2013-10060 was published Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database