Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,879 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54446 was published Jul 23, 2025
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed
CVE-2025-54455 was published Jul 23, 2025
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows... Critical Unreviewed
CVE-2025-54454 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54442 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54444 was published Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9... Critical Unreviewed
CVE-2025-54440 was published Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54443 was published Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2025-54438 was published Jul 23, 2025
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too... Critical Unreviewed
CVE-2025-8028 was published Jul 22, 2025
The `username:password` part was not correctly stripped from URLs in CSP reports potentially... Critical Unreviewed
CVE-2025-8031 was published Jul 22, 2025
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This... Critical Unreviewed
CVE-2025-8043 was published Jul 22, 2025
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the... Critical Unreviewed
CVE-2025-8037 was published Jul 22, 2025
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence... Critical Unreviewed
CVE-2025-8044 was published Jul 22, 2025
Thunderbird ignored paths when checking the validity of navigations in a frame. This... Critical Unreviewed
CVE-2025-8038 was published Jul 22, 2025
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI... Critical Unreviewed
CVE-2025-7724 was published Jul 22, 2025
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The... Critical Unreviewed
CVE-2025-34143 was published Jul 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-4285 was published Jul 22, 2025
The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing... Critical Unreviewed
CVE-2025-6187 was published Jul 22, 2025
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2015-10137 was published Jul 22, 2025
The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file... Critical Unreviewed
CVE-2012-10020 was published Jul 22, 2025
Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of... Critical Unreviewed
CVE-2025-52362 was published Jul 21, 2025
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2... Critical Unreviewed
CVE-2020-26799 was published Jul 21, 2025
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access Critical
CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Nokogiri patches vendored libxml2 to resolve multiple CVEs Critical
GHSA-353f-x4gh-cqq8 was published for nokogiri (RubyGems) Jul 21, 2025
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database