GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,835
Composer 4,870
Erlang 36
GitHub Actions 36
Go 2,493
Maven 5,926
npm 4,126
NuGet 735
pip 3,943
Pub 12
RubyGems 945
Rust 1,021
Swift 39

Unreviewed advisories

All unreviewed 269,179

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,457 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This... Critical Unreviewed

CVE-2025-8043 was published Jul 22, 2025

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the... Critical Unreviewed

CVE-2025-8037 was published Jul 22, 2025

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence... Critical Unreviewed

CVE-2025-8044 was published Jul 22, 2025

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The... Critical Unreviewed

CVE-2025-34143 was published Jul 22, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed

CVE-2025-4285 was published Jul 22, 2025

The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing... Critical Unreviewed

CVE-2025-6187 was published Jul 22, 2025

The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed

CVE-2015-10137 was published Jul 22, 2025

The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed

CVE-2012-10020 was published Jul 22, 2025

Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of... Critical Unreviewed

CVE-2025-52362 was published Jul 21, 2025

A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed

CVE-2020-26799 was published Jul 21, 2025

In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration... Critical Unreviewed

CVE-2025-44654 was published Jul 21, 2025

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login... Critical Unreviewed

CVE-2025-7393 was published Jul 21, 2025

An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal... Critical Unreviewed

CVE-2025-36846 was published Jul 21, 2025

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in... Critical Unreviewed

CVE-2025-44655 was published Jul 21, 2025

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following... Critical Unreviewed

CVE-2025-44658 was published Jul 21, 2025

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions... Critical Unreviewed

CVE-2025-7624 was published Jul 21, 2025

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos... Critical Unreviewed

CVE-2025-6704 was published Jul 21, 2025

Due to insufficient verification, an attacker could use a malicious client to bypass... Critical Unreviewed

CVE-2024-6107 was published Jul 21, 2025

Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing... Critical Unreviewed

CVE-2025-7921 was published Jul 21, 2025

The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote... Critical Unreviewed

CVE-2025-7343 was published Jul 21, 2025

File contents could be read from the local file system by an attacker. Additionally, malicious... Critical Unreviewed

CVE-2025-24937 was published Jul 21, 2025

The web application allows user input to pass unfiltered to a command executed on the underlying... Critical Unreviewed

CVE-2025-24936 was published Jul 21, 2025

WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability,... Critical Unreviewed

CVE-2025-7918 was published Jul 21, 2025

WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability,... Critical Unreviewed

CVE-2025-7916 was published Jul 21, 2025

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an... Critical Unreviewed

CVE-2025-53770 was published Jul 20, 2025

Previous 1…22…400 Next

Previous 1 2 … 20 21 22 23 24 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

23,457 advisories