Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

11,460 advisories

Loading
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version... Moderate Unreviewed
CVE-2025-34032 was published Jun 26, 2025
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025
cipherboy
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL... High Unreviewed
CVE-2025-34048 was published Jun 26, 2025
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing... High Unreviewed
CVE-2025-34047 was published Jun 26, 2025
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version... Critical Unreviewed
CVE-2025-34049 was published Jun 26, 2025
A remote command injection vulnerability exists in Vacron Network Video Recorder (NVR) devices v1... Critical Unreviewed
CVE-2025-34043 was published Jun 26, 2025
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling... High Unreviewed
CVE-2025-6709 was published Jun 26, 2025
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware... Critical Unreviewed
CVE-2025-34042 was published Jun 26, 2025
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account... High Unreviewed
CVE-2025-34045 was published Jun 26, 2025
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7... Critical Unreviewed
CVE-2025-34044 was published Jun 26, 2025
pbkdf2 silently disregards Uint8Array input, returning static keys Critical
CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos Critical
CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025
ChALkeR ljharb
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system... Critical Unreviewed
CVE-2025-25038 was published Jun 20, 2025
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR... High Unreviewed
CVE-2025-34021 was published Jun 20, 2025
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and... Critical Unreviewed
CVE-2025-34024 was published Jun 20, 2025
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot... Critical Unreviewed
CVE-2025-34030 was published Jun 20, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of... High Unreviewed
CVE-2025-29646 was published Jun 18, 2025
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path... Moderate Unreviewed
CVE-2025-6240 was published Jun 18, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05... High Unreviewed
CVE-2024-55567 was published Jun 12, 2025
There is an insufficient input validation vulnerability in the warehouse component of Absolute... Moderate Unreviewed
CVE-2025-49081 was published Jun 12, 2025
Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on... High Unreviewed
CVE-2025-4613 was published Jun 12, 2025
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an... Critical Unreviewed
CVE-2024-1244 was published Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database