Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,114
NuGet
735
pip
3,934
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,844 advisories

Loading
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates... Critical Unreviewed
CVE-2025-48581 was published Sep 4, 2025
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution Critical
GHSA-58p5-r2f6-g2cj was published for usd-core (pip) Sep 4, 2025
bshyuunn
Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL... Critical Unreviewed
CVE-2025-7385 was published Sep 4, 2025
N/A Critical Unreviewed
CVE-2025-36904 was published Sep 4, 2025
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing... Critical Unreviewed
CVE-2025-36897 was published Sep 4, 2025
N/A Critical Unreviewed
CVE-2025-36896 was published Sep 4, 2025
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input... Critical Unreviewed
CVE-2024-45169 was published Aug 22, 2024
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated... Critical Unreviewed
CVE-2025-5310 was published Jun 27, 2025
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more Critical
CVE-2025-58367 was published for deepdiff (pip) Sep 3, 2025
diogotcorreia
XWiki configuration files can be accessed through jsx and sx endpoints Critical
CVE-2025-55748 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Sep 3, 2025
XWiki configuration files can be accessed through the webjars API Critical
CVE-2025-55747 was published for org.xwiki.platform:xwiki-platform-webjars-api (Maven) Sep 3, 2025
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Critical Unreviewed
CVE-2025-53693 was published Sep 3, 2025
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote... Critical Unreviewed
CVE-2012-10030 was published Aug 5, 2025
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
dsimk
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability... Critical Unreviewed
CVE-2025-9276 was published Sep 2, 2025
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of... Critical Unreviewed
CVE-2025-50518 was published Aug 14, 2025
In BootRom, there's a possible missing payload size check. This could lead to memory buffer... Critical Unreviewed
CVE-2022-38696 was published Sep 2, 2025
In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This... Critical Unreviewed
CVE-2022-38692 was published Sep 2, 2025
In FDL1, there is a possible missing payload size check. This could lead to memory buffer... Critical Unreviewed
CVE-2022-38693 was published Sep 2, 2025
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. Critical Unreviewed
CVE-2025-57140 was published Sep 2, 2025
Malicious versions of Nx were published Critical
GHSA-cxm3-wv7p-598c was published for @nx/devkit (npm) Aug 27, 2025
jahredhope tadhglewis
hckhanh TimShilov
Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects... Critical Unreviewed
CVE-2024-32832 was published Aug 31, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management... Critical Unreviewed
CVE-2025-31100 was published Aug 31, 2025
An authentication bypass vulnerability has been identified in the REST and SOAP API components of... Critical Unreviewed
CVE-2024-4332 was published Jun 3, 2024
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the... Critical Unreviewed
CVE-2025-50428 was published Aug 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database