GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
181 advisories
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
High | GHSA-57gh-m6rq-54cf was published for openclaw (npm) Apr 3, 2026
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he...
High | Unreviewed | CVE-2026-4760 was published Mar 25, 2026
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that...
High | Unreviewed | CVE-2016-20025 was published Mar 16, 2026
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated...
High | Unreviewed | CVE-2018-25164 was published Mar 6, 2026
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers...
High | Unreviewed | CVE-2020-37082 was published Feb 4, 2026
Arbitrary file deletion vulnerability has been identified in a system function of mobility...
High | Unreviewed | CVE-2025-37168 was published Jan 13, 2026
Picklescan vulnerable to Arbitrary File Writing
High | GHSA-m273-6v24-x4m4 was published for picklescan (pip) Dec 29, 2025
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure...
High | Unreviewed | CVE-2019-25239 was published Dec 24, 2025
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows...
High | Unreviewed | CVE-2018-25145 was published Dec 24, 2025
due to insufficient sanitization in Vega’s `convert()` function when `safeMode` is enabled and...
High | Unreviewed | CVE-2025-14896 was published Dec 18, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
High | CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space...
High | Unreviewed | CVE-2025-59976 was published Oct 9, 2025
Apache Kylin Files or Directories Accessible to External Parties
High | CVE-2025-61734 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on...
High | Unreviewed | CVE-2025-3025 was published Sep 15, 2025
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose...
High | Unreviewed | CVE-2009-10005 was published Aug 20, 2025
NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate...
High | Unreviewed | CVE-2025-23276 was published Aug 3, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience...
High | Unreviewed | CVE-2025-34139 was published Jul 25, 2025
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui...
High | Unreviewed | CVE-2023-41566 was published Jul 17, 2025
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If...
High | Unreviewed | CVE-2025-49797 was published Jun 26, 2025
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux...
High | Unreviewed | CVE-2025-4134 was published May 28, 2025
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows...
High | Unreviewed | CVE-2025-45529 was published May 27, 2025
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git...
High | Unreviewed | CVE-2024-4981 was published May 12, 2025
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to...
High | Unreviewed | CVE-2025-32819 was published May 7, 2025
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user...
High | Unreviewed | CVE-2025-1982 was published Apr 16, 2025
CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that...
High | Unreviewed | CVE-2025-2222 was published Apr 9, 2025