GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
900 advisories
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x...
Critical | Unreviewed | CVE-2016-4538 was published May 14, 2022
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x...
Critical | Unreviewed | CVE-2016-4537 was published May 14, 2022
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5...
Critical | Unreviewed | CVE-2016-4071 was published May 14, 2022
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5...
Critical | Unreviewed | CVE-2015-5589 was published May 17, 2022
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP...
Critical | Unreviewed | CVE-2016-1209 was published May 17, 2022
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote...
Critical | Unreviewed | CVE-2016-4072 was published May 14, 2022
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to...
Critical | Unreviewed | CVE-2016-2170 was published May 13, 2022
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and...
Critical | Unreviewed | CVE-2016-0801 was published May 14, 2022
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and...
Critical | Unreviewed | CVE-2016-1929 was published May 14, 2022
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-24446 was published Apr 8, 2025
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series...
Critical | Unreviewed | CVE-2023-20025 was published Jan 20, 2023
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify...
Critical | Unreviewed | CVE-2024-5276 was published Jun 25, 2024
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~...
Critical | Unreviewed | CVE-2022-41417 was published Jan 18, 2023
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical | CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
Critical | Unreviewed | CVE-2023-23560 was published Jan 23, 2023
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input...
Critical | Unreviewed | CVE-2021-21985 was published May 24, 2022
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS...
Critical | Unreviewed | CVE-2025-30452 was published Apr 1, 2025
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient...
Critical | Unreviewed | CVE-2019-10149 was published May 24, 2022
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31575 was published Feb 7, 2023
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31574 was published Feb 7, 2023
In Config Manager, there is a possible command injection due to improper input validation. This...
Critical | Unreviewed | CVE-2021-31573 was published Feb 7, 2023
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an...
Critical | Unreviewed | CVE-2024-1355 was published Feb 13, 2024
InvokeAI Arbitrary File Deletion vulnerability
Critical | CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate...
Critical | Unreviewed | CVE-2025-29814 was published Mar 21, 2025
A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to...
Critical | Unreviewed | CVE-2024-7773 was published Mar 20, 2025
Advisories are also available from the GraphQL API.