Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,492
Maven
5,000+
npm
4,114
NuGet
735
pip
3,936
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,845 advisories

Loading
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co.... Critical Unreviewed
CVE-2024-13981 was published Aug 28, 2025
A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform ... Critical Unreviewed
CVE-2023-7309 was published Aug 28, 2025
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows... Critical Unreviewed
CVE-2024-13979 was published Aug 28, 2025
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the... Critical Unreviewed
CVE-2025-50428 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34161 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Malicious versions of Nx were published Critical
GHSA-cxm3-wv7p-598c was published for @nx/devkit (npm) Aug 27, 2025
jahredhope tadhglewis
hckhanh TimShilov
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute... Critical Unreviewed
CVE-2025-50972 was published Aug 27, 2025
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure... Critical Unreviewed
CVE-2025-43728 was published Aug 27, 2025
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command... Critical Unreviewed
CVE-2025-30057 was published Aug 27, 2025
The RunCommand function accepts any parameter, which is then passed for execution in the shell.... Critical Unreviewed
CVE-2025-30056 was published Aug 27, 2025
The configuration file containing database logins and passwords is readable by any local user. Critical Unreviewed
CVE-2025-30063 was published Aug 27, 2025
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is... Critical Unreviewed
CVE-2025-30055 was published Aug 27, 2025
In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code... Critical Unreviewed
CVE-2025-2313 was published Aug 27, 2025
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows... Critical Unreviewed
CVE-2025-30039 was published Aug 27, 2025
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat... Critical Unreviewed
CVE-2025-30041 was published Aug 27, 2025
The vulnerability allows unauthenticated users to download a file containing session ID data by... Critical Unreviewed
CVE-2025-30040 was published Aug 27, 2025
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An... Critical Unreviewed
CVE-2025-35115 was published Aug 27, 2025
In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a... Critical Unreviewed
CVE-2025-22408 was published Aug 27, 2025
In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary... Critical Unreviewed
CVE-2025-22403 was published Aug 27, 2025
In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary... Critical Unreviewed
CVE-2025-0074 was published Aug 27, 2025
In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary... Critical Unreviewed
CVE-2025-0075 was published Aug 27, 2025
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT... Critical Unreviewed
CVE-2025-55443 was published Aug 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database