Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,118
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,847 advisories

Loading
An improper authentication vulnerability has been reported to affect VioStor. If a remote... Critical Unreviewed
CVE-2025-52856 was published Aug 29, 2025
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-44033 was published Aug 29, 2025
Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed
CVE-2025-8857 was published Aug 29, 2025
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2025-8861 was published Aug 29, 2025
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster... Critical Unreviewed
CVE-2025-54738 was published Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows... Critical Unreviewed
CVE-2025-54725 was published Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54720 was published Aug 28, 2025
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command... Critical Unreviewed
CVE-2025-55583 was published Aug 28, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File... Critical Unreviewed
CVE-2025-49387 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object... Critical Unreviewed
CVE-2025-52761 was published Aug 28, 2025
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows... Critical Unreviewed
CVE-2025-49388 was published Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39496 was published Aug 28, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy... Critical Unreviewed
CVE-2025-48100 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-53970 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-54762 was published Aug 28, 2025
NeuVector admin account has insecure default password Critical
CVE-2025-8077 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to... Critical Unreviewed
CVE-2025-7955 was published Aug 28, 2025
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified... Critical Unreviewed
CVE-2025-34522 was published Aug 28, 2025
A heap-based buffer overflow vulnerability exists in the exists in the network-facing input... Critical Unreviewed
CVE-2025-34523 was published Aug 28, 2025
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile... Critical Unreviewed
CVE-2025-34163 was published Aug 28, 2025
AnyShare contains a critical unauthenticated remote code execution vulnerability in the... Critical Unreviewed
CVE-2025-34160 was published Aug 28, 2025
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que... Critical Unreviewed
CVE-2025-34162 was published Aug 28, 2025
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path... Critical Unreviewed
CVE-2024-13984 was published Aug 28, 2025
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated... Critical Unreviewed
CVE-2024-13985 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database