GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
29,038 advisories
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and...
Critical | Unreviewed | CVE-2025-70082 was published Mar 11, 2026

Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL)...
Critical | Unreviewed | CVE-2018-25159 was published Mar 11, 2026

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Critical | Unreviewed | CVE-2025-66956 was published Mar 11, 2026

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25487 was published Mar 11, 2026

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows...
Critical | Unreviewed | CVE-2019-25468 was published Mar 11, 2026

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload...
Critical | Unreviewed | CVE-2019-25471 was published Mar 11, 2026

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client...
Critical | Unreviewed | CVE-2025-67041 was published Mar 11, 2026

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL
Critical | CVE-2026-31871 was published for parse-server (npm) Mar 11, 2026

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Critical | CVE-2026-31862 was published for @siteboon/claudecodeui (npm) Mar 11, 2026

Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL
Critical | CVE-2026-31856 was published for parse-server (npm) Mar 11, 2026

Parse Server: SQL injection via dot-notation field name in PostgreSQL
Critical | CVE-2026-31840 was published for parse-server (npm) Mar 10, 2026

n8n Vulnerable to Remote Code Execution via Expression Injection
Critical | CVE-2025-68613 was published for n8n (npm) Dec 22, 2025

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services...
Critical | Unreviewed | CVE-2025-59793 was published Feb 17, 2026

There is a possible out of bounds write due to a missing bounds check. This could lead to local...
Critical | Unreviewed | CVE-2026-0124 was published Mar 10, 2026

Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148,...
Critical | Unreviewed | CVE-2026-2771 was published Feb 24, 2026

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST...
Critical | Unreviewed | CVE-2026-2631 was published Mar 11, 2026

In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an...
Critical | Unreviewed | CVE-2026-0113 was published Mar 10, 2026

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could...
Critical | Unreviewed | CVE-2026-0120 was published Mar 10, 2026

In __mfc_handle_released_buf of mfc_core_isr.c, there is a possible out of bounds write due to a...
Critical | Unreviewed | CVE-2026-0116 was published Mar 10, 2026

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command...
Critical | Unreviewed | CVE-2025-70039 was published Mar 9, 2026

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was...
Critical | Unreviewed | CVE-2025-70046 was published Mar 9, 2026

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6...
Critical | Unreviewed | CVE-2026-30903 was published Mar 11, 2026

A vulnerability has been identified in the web-based management interface of AOS-CX switches that...
Critical | Unreviewed | CVE-2026-23813 was published Mar 11, 2026

In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption....
Critical | Unreviewed | CVE-2026-0110 was published Mar 10, 2026

In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an...
Critical | Unreviewed | CVE-2026-0111 was published Mar 10, 2026