Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34161 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified... Critical Unreviewed
CVE-2025-34158 was published Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
A security issue exists due to improper handling of malformed CIP Forward Close packets during... Critical Unreviewed
CVE-2025-7693 was published Aug 18, 2025
A vulnerability has been found in the  MSoft MFlash application that allows execution of... Critical Unreviewed
CVE-2025-9060 was published Aug 15, 2025
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This... Critical Unreviewed
CVE-2025-8876 was published Aug 14, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet... Critical Unreviewed
CVE-2025-24325 was published Aug 12, 2025
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2).... Critical Unreviewed
CVE-2025-40746 was published Aug 12, 2025
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an... Critical Unreviewed
CVE-2025-2611 was published Aug 5, 2025
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a... Critical Unreviewed
CVE-2025-27212 was published Aug 5, 2025
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP... Critical Unreviewed
CVE-2025-50578 was published Jul 30, 2025
This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15... Critical Unreviewed
CVE-2025-43253 was published Jul 30, 2025
Multiple memory corruption issues were addressed with improved input validation. This issue is... Critical Unreviewed
CVE-2025-43234 was published Jul 30, 2025
An input validation issue was addressed with improved memory handling. This issue is fixed in... Critical Unreviewed
CVE-2025-31281 was published Jul 30, 2025
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices... Critical Unreviewed
CVE-2014-125117 was published Jul 25, 2025
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to... Critical Unreviewed
CVE-2025-34132 was published Jul 17, 2025
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior... Critical Unreviewed
CVE-2025-34300 was published Jul 16, 2025
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version... Critical Unreviewed
CVE-2025-34111 was published Jul 15, 2025
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss... Critical Unreviewed
CVE-2025-34105 was published Jul 15, 2025
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e... Critical Unreviewed
CVE-2025-34068 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database