Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,859 advisories

Loading
[This CNA information record relates to multiple CVEs; the text explains which aspects... Critical Unreviewed
CVE-2025-58142 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... Critical Unreviewed
CVE-2025-58143 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... Critical Unreviewed
CVE-2025-27466 was published Sep 11, 2025
Prebid-universal-creative latest on npm briefly compromised Critical
CVE-2025-59039 was published for prebid-universal-creative (npm) Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40689 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40691 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40687 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40690 was published Sep 11, 2025
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an... Critical Unreviewed
CVE-2025-40692 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. Critical Unreviewed
CVE-2025-58321 was published Sep 11, 2025
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to... Critical Unreviewed
CVE-2025-8570 was published Sep 11, 2025
interactive-git-checkout has a Command Injection vulnerability Critical
CVE-2025-59046 was published for interactive-git-checkout (npm) Sep 10, 2025
lirantal
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft... Critical Unreviewed
CVE-2025-10226 was published Sep 10, 2025
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in... Critical Unreviewed
CVE-2025-10220 was published Sep 10, 2025
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response... Critical Unreviewed
CVE-2025-9943 was published Sep 10, 2025
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via... Critical Unreviewed
CVE-2025-58462 was published Sep 9, 2025
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated... Critical Unreviewed
CVE-2025-57633 was published Sep 9, 2025
An authentication bypass vulnerability allows remote attackers to gain administrative privileges... Critical Unreviewed
CVE-2025-10159 was published Sep 9, 2025
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api... Critical Unreviewed
CVE-2025-44594 was published Sep 9, 2025
Multiple CWE-78 Critical Unreviewed
CVE-2025-55048 was published Sep 9, 2025
CWE-1392: Use of Default Credentials Critical Unreviewed
CVE-2025-55051 was published Sep 9, 2025
CWE-1242: Inclusion of Undocumented Features Critical Unreviewed
CVE-2025-55050 was published Sep 9, 2025
Use of Default Cryptographic Key (CWE-1394) Critical Unreviewed
CVE-2025-55049 was published Sep 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue... Critical Unreviewed
CVE-2025-58997 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database