Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An... Critical Unreviewed
CVE-2025-35115 was published Aug 27, 2025
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in... Critical Unreviewed
CVE-2021-34184 was published May 24, 2022
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and... Critical Unreviewed
CVE-2025-55619 was published Aug 22, 2025
An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In... Critical Unreviewed
CVE-2025-55398 was published Aug 22, 2025
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com... Critical Unreviewed
CVE-2025-50900 was published Aug 26, 2025
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute... Critical Unreviewed
CVE-2025-57105 was published Aug 22, 2025
Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. Critical Unreviewed
CVE-2024-53499 was published Aug 22, 2025
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the... Critical Unreviewed
CVE-2025-52095 was published Aug 22, 2025
zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can... Critical Unreviewed
CVE-2024-50644 was published Aug 22, 2025
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and... Critical Unreviewed
CVE-2025-29366 was published Aug 22, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via... Critical Unreviewed
CVE-2025-56212 was published Aug 26, 2025
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the... Critical Unreviewed
CVE-2025-56214 was published Aug 26, 2025
SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive... Critical Unreviewed
CVE-2025-55575 was published Aug 26, 2025
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct... Critical Unreviewed
CVE-2025-54336 was published Aug 19, 2025
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe... Critical Unreviewed
CVE-2025-51092 was published Aug 22, 2025
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user... Critical Unreviewed
CVE-2022-45134 was published Aug 22, 2025
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An... Critical Unreviewed
CVE-2025-41702 was published Aug 26, 2025
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor... Critical Unreviewed
CVE-2025-53120 was published Aug 26, 2025
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control... Critical Unreviewed
CVE-2025-53118 was published Aug 26, 2025
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-50722 was published Aug 26, 2025
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6... Critical Unreviewed
CVE-2025-29514 was published Aug 25, 2025
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C... Critical Unreviewed
CVE-2025-29515 was published Aug 25, 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior... Critical Unreviewed
CVE-2025-4609 was published Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database