Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,540 advisories

Loading
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. ... High Unreviewed
CVE-2025-24404 was published Sep 9, 2025
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')... High Unreviewed
CVE-2025-48208 was published Sep 9, 2025
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed
CVE-2025-10213 was published Sep 10, 2025
DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27... High Unreviewed
CVE-2025-40979 was published Sep 10, 2025
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed
CVE-2025-10214 was published Sep 10, 2025
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0... High Unreviewed
CVE-2025-10215 was published Sep 10, 2025
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads... High Unreviewed
CVE-2025-10049 was published Sep 10, 2025
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-7049 was published Sep 10, 2025
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10040 was published Sep 10, 2025
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path... High Unreviewed
CVE-2025-41714 was published Sep 10, 2025
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby... High Unreviewed
CVE-2025-36759 was published Sep 10, 2025
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10001 was published Sep 10, 2025
A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing... High Unreviewed
CVE-2025-10172 was published Sep 10, 2025
A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the... High Unreviewed
CVE-2025-10171 was published Sep 10, 2025
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0... High Unreviewed
CVE-2025-49459 was published Sep 10, 2025
Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability... High Unreviewed
CVE-2025-54258 was published Sep 10, 2025
Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or... High Unreviewed
CVE-2025-54259 was published Sep 10, 2025
Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read... High Unreviewed
CVE-2025-54260 was published Sep 10, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information... High Unreviewed
CVE-2023-7308 was published Aug 28, 2025
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can... High Unreviewed
CVE-2025-1053 was published Feb 14, 2025
Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 ... High Unreviewed
CVE-2024-5461 was published Feb 15, 2025
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a... High Unreviewed
CVE-2025-23342 was published Sep 9, 2025
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules)... High Unreviewed
CVE-2025-54084 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database