Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,897 advisories

Loading
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an... Moderate Unreviewed
CVE-2025-5265 was published May 27, 2025
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird... Moderate Unreviewed
CVE-2025-5268 was published May 27, 2025
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker... Moderate Unreviewed
CVE-2025-5264 was published May 27, 2025
A vulnerability was found in Qualitor 8.20. It has been rated as critical. Affected by this issue... Moderate Unreviewed
CVE-2025-5139 was published May 25, 2025
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability... High Unreviewed
CVE-2025-5126 was published May 24, 2025
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01... Moderate Unreviewed
CVE-2025-46176 was published May 23, 2025
A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects... Moderate Unreviewed
CVE-2025-5106 was published May 23, 2025
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection... High Unreviewed
CVE-2025-32813 was published May 22, 2025
Ackites KillWxapkg vulnerable to OS Command Injection Low
CVE-2025-5030 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote... Moderate Unreviewed
CVE-2025-20258 was published May 21, 2025
The Meteobridge web interface let meteobridge administrator manage their weather station data... Critical Unreviewed
CVE-2025-4008 was published May 21, 2025
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified... Moderate Unreviewed
CVE-2025-4999 was published May 20, 2025
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been... Moderate Unreviewed
CVE-2025-5000 was published May 20, 2025
D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this... Critical Unreviewed
CVE-2025-44084 was published May 20, 2025
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for... Moderate Unreviewed
CVE-2025-43714 was published May 19, 2025
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote... High Unreviewed
CVE-2024-55063 was published May 19, 2025
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This... Moderate Unreviewed
CVE-2025-4851 was published May 18, 2025
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101.... Moderate Unreviewed
CVE-2025-4850 was published May 18, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical.... Moderate Unreviewed
CVE-2025-4849 was published May 18, 2025
Improper neutralization of special elements used in a command ('command injection') in Visual... High Unreviewed
CVE-2025-32702 was published May 13, 2025
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard... Moderate Unreviewed
CVE-2024-55466 was published May 12, 2025
Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Moderate Unreviewed
CVE-2025-44176 was published May 12, 2025
IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated... High Unreviewed
CVE-2025-1137 was published May 10, 2025
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a... Critical Unreviewed
CVE-2025-29509 was published May 9, 2025
EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged... Critical Unreviewed
CVE-2024-11861 was published May 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database