Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,805 advisories

Loading
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability... Critical Unreviewed
CVE-2025-9276 was published Sep 2, 2025
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. Critical Unreviewed
CVE-2025-57140 was published Sep 2, 2025
In BootRom, there's a possible missing payload size check. This could lead to memory buffer... Critical Unreviewed
CVE-2022-38696 was published Sep 2, 2025
In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This... Critical Unreviewed
CVE-2022-38692 was published Sep 2, 2025
In FDL1, there is a possible missing payload size check. This could lead to memory buffer... Critical Unreviewed
CVE-2022-38693 was published Sep 2, 2025
Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects... Critical Unreviewed
CVE-2024-32832 was published Aug 31, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management... Critical Unreviewed
CVE-2025-31100 was published Aug 31, 2025
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the ... Critical Unreviewed
CVE-2024-46484 was published Aug 29, 2025
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-44033 was published Aug 29, 2025
An improper authentication vulnerability has been reported to affect VioStor. If a remote... Critical Unreviewed
CVE-2025-52856 was published Aug 29, 2025
Clinic Image System developed by Changing contains hard-coded Credentials, allowing... Critical Unreviewed
CVE-2025-8857 was published Aug 29, 2025
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated... Critical Unreviewed
CVE-2025-8861 was published Aug 29, 2025
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-54720 was published Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows... Critical Unreviewed
CVE-2025-54725 was published Aug 28, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster... Critical Unreviewed
CVE-2025-54738 was published Aug 28, 2025
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command... Critical Unreviewed
CVE-2025-55583 was published Aug 28, 2025
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object... Critical Unreviewed
CVE-2025-52761 was published Aug 28, 2025
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows... Critical Unreviewed
CVE-2025-49388 was published Aug 28, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File... Critical Unreviewed
CVE-2025-49387 was published Aug 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-39496 was published Aug 28, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in extremeidea bidorbuy... Critical Unreviewed
CVE-2025-48100 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-54762 was published Aug 28, 2025
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated... Critical Unreviewed
CVE-2025-53970 was published Aug 28, 2025
NeuVector admin account has insecure default password Critical
CVE-2025-8077 was published for github.com/neuvector/neuvector (Go) Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database