GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
137,070 advisories
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network...
Moderate | Unreviewed | CVE-2025-20280 was published Sep 9, 2025
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown...
Moderate | Unreviewed | CVE-2025-10068 was published Sep 7, 2025
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views...
Moderate | Unreviewed | CVE-2025-55944 was published Sep 9, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check...
Moderate | Unreviewed | CVE-2024-47704 was published Oct 21, 2024
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7...
Moderate | Unreviewed | CVE-2025-53609 was published Sep 9, 2025
A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown...
Moderate | Unreviewed | CVE-2025-10107 was published Sep 9, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection')...
Moderate | Unreviewed | CVE-2024-45325 was published Sep 9, 2025
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc.so imported by...
Moderate | Unreviewed | CVE-2025-47416 was published Sep 9, 2025
SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client's...
Moderate | Unreviewed | CVE-2025-55580 was published Aug 29, 2025
SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax...
Moderate | Unreviewed | CVE-2025-55579 was published Aug 29, 2025
A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this...
Moderate | Unreviewed | CVE-2025-9665 was published Aug 29, 2025
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue...
Moderate | Unreviewed | CVE-2025-9610 was published Aug 29, 2025
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve...
Moderate | Unreviewed | CVE-2025-34521 was published Aug 28, 2025
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents...
Moderate | Unreviewed | CVE-2024-55955 was published Dec 31, 2024
Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
Moderate | CVE-2025-58782 was published for org.apache.jackrabbit:jackrabbit-core (Maven) Sep 8, 2025
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that...
Moderate | Unreviewed | CVE-2025-1688 was published Apr 15, 2025
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS...
Moderate | Unreviewed | CVE-2025-40594 was published Sep 9, 2025
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC...
Moderate | Unreviewed | CVE-2025-40757 was published Sep 9, 2025
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Moderate | Unreviewed | CVE-2025-9542 was published Sep 9, 2025
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes...
Moderate | Unreviewed | CVE-2025-9058 was published Sep 9, 2025
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes...
Moderate | Unreviewed | CVE-2025-9061 was published Sep 9, 2025
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode...
Moderate | Unreviewed | CVE-2025-9489 was published Sep 9, 2025
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an...
Moderate | Unreviewed | CVE-2025-42920 was published Sep 9, 2025
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker...
Moderate | Unreviewed | CVE-2025-42926 was published Sep 9, 2025
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an...
Moderate | Unreviewed | CVE-2025-42938 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API.