Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,105
NuGet
735
pip
3,927
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,419 advisories

Loading
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2025-10134 was published Sep 9, 2025
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions... Critical Unreviewed
CVE-2025-40804 was published Sep 9, 2025
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 ... Critical Unreviewed
CVE-2025-40795 was published Sep 9, 2025
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw... Critical Unreviewed
CVE-2025-42922 was published Sep 9, 2025
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the... Critical Unreviewed
CVE-2025-42958 was published Sep 9, 2025
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could... Critical Unreviewed
CVE-2025-42944 was published Sep 9, 2025
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows... Critical Unreviewed
CVE-2025-56267 was published Sep 8, 2025
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib... Critical Unreviewed
CVE-2025-57285 was published Sep 8, 2025
The AOD module has a vulnerability in permission assignment. Successful exploitation of this... Critical Unreviewed
CVE-2022-37003 was published Aug 11, 2022
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed
CVE-2025-56266 was published Sep 8, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type... Critical Unreviewed
CVE-2025-9113 was published Sep 8, 2025
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49217 was published Jun 17, 2025
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49213 was published Jun 17, 2025
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could... Critical Unreviewed
CVE-2025-49219 was published Jun 17, 2025
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could... Critical Unreviewed
CVE-2025-49212 was published Jun 17, 2025
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could... Critical Unreviewed
CVE-2025-49220 was published Jun 17, 2025
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control... Critical Unreviewed
CVE-2025-59033 was published Sep 8, 2025
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross... Critical Unreviewed
CVE-2025-52161 was published Sep 8, 2025
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer... Critical Unreviewed
CVE-2025-57052 was published Sep 3, 2025
Elevation of Privilege Critical Unreviewed
CVE-2025-36890 was published Sep 4, 2025
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1... Critical Unreviewed
CVE-2023-21467 was published Sep 8, 2025
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc. Critical Unreviewed
CVE-2025-57141 was published Sep 8, 2025
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal.... Critical Unreviewed
CVE-2025-5993 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database