Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,832 advisories

Loading
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other... Critical Unreviewed
CVE-2025-22956 was published Sep 8, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue... Critical Unreviewed
CVE-2025-58997 was published Sep 9, 2025
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation... Critical Unreviewed
CVE-2025-54261 was published Sep 9, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-47569 was published Sep 9, 2025
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects... Critical Unreviewed
CVE-2025-47579 was published Sep 9, 2025
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material... Critical Unreviewed
CVE-2025-32486 was published Sep 9, 2025
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an... Critical Unreviewed
CVE-2025-55232 was published Sep 9, 2025
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4... Critical Unreviewed
CVE-2021-32024 was published Dec 14, 2021
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified... Critical Unreviewed
CVE-2025-34522 was published Aug 28, 2025
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect... Critical Unreviewed
CVE-2025-10183 was published Sep 9, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... Critical Unreviewed
CVE-2025-54236 was published Sep 9, 2025
A heap-based buffer overflow vulnerability exists in the exists in the network-facing input... Critical Unreviewed
CVE-2025-34523 was published Aug 28, 2025
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-10134 was published Sep 9, 2025
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions... Critical Unreviewed
CVE-2025-40804 was published Sep 9, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 ... Critical Unreviewed
CVE-2025-40795 was published Sep 9, 2025
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw... Critical Unreviewed
CVE-2025-42922 was published Sep 9, 2025
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the... Critical Unreviewed
CVE-2025-42958 was published Sep 9, 2025
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could... Critical Unreviewed
CVE-2025-42944 was published Sep 9, 2025
pREST has a Systemic SQL Injection Vulnerability Critical
CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) Sep 8, 2025
v1ktor0t
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows... Critical Unreviewed
CVE-2025-56267 was published Sep 8, 2025
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib... Critical Unreviewed
CVE-2025-57285 was published Sep 8, 2025
The AOD module has a vulnerability in permission assignment. Successful exploitation of this... Critical Unreviewed
CVE-2022-37003 was published Aug 11, 2022
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed
CVE-2025-56266 was published Sep 8, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database