Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for torch (pip) Apr 18, 2025
azraelxuemo hixio-mh
An improper authentication vulnerability has been reported to affect VioStor. If a remote... Critical Unreviewed
CVE-2025-52856 was published Aug 29, 2025
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-44033 was published Aug 29, 2025
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing... Critical Unreviewed
CVE-2017-12187 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing... Critical Unreviewed
CVE-2017-12184 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing... Critical Unreviewed
CVE-2017-12183 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension... Critical Unreviewed
CVE-2017-12185 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing... Critical Unreviewed
CVE-2017-12186 was published May 13, 2022
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote... Critical Unreviewed
CVE-2023-30258 was published Jun 23, 2023
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing... Critical Unreviewed
CVE-2017-12180 was published May 13, 2022
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function... Critical Unreviewed
CVE-2017-12177 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing... Critical Unreviewed
CVE-2017-12182 was published May 13, 2022
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function... Critical Unreviewed
CVE-2017-12178 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection... Critical Unreviewed
CVE-2017-12176 was published May 13, 2022
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S... Critical Unreviewed
CVE-2017-12179 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing... Critical Unreviewed
CVE-2017-12181 was published May 13, 2022
Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed
CVE-2025-8857 was published Aug 29, 2025
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2025-8861 was published Aug 29, 2025
, aka 'Hyper-V Remote Code Execution Vulnerability'. Critical Unreviewed
CVE-2020-17095 was published May 24, 2022
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE... Critical Unreviewed
CVE-2020-17132 was published May 24, 2022
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE... Critical Unreviewed
CVE-2020-17142 was published May 24, 2022
, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE... Critical Unreviewed
CVE-2020-17118 was published May 24, 2022
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows... Critical Unreviewed
CVE-2025-54725 was published Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster... Critical Unreviewed
CVE-2025-54738 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database