GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,660
Maven: 5,000+
npm: 4,289
NuGet: 760
pip: 4,069
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
114,396 advisories
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 ...
High (Unreviewed): CVE-2024-52273 was published Dec 4, 2024

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 ...
High (Unreviewed): CVE-2024-52274 was published Dec 4, 2024

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical....
High (Unreviewed): CVE-2024-4291 was published Apr 27, 2024

Apache InLong: JDBC Vulnerability during verification processing
High: CVE-2025-27522 was published for org.apache.inlong:manager-pojo (Maven) May 28, 2025

image-size Denial of Service via Infinite Loop during Image Processing
High: GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025

Contrast workload secrets leak to logs on INFO level
High: GHSA-h5f8-crrq-4pw8 was published for github.com/edgelesssys/contrast (Go) May 28, 2025

Spring Framework Path Traversal vulnerability
High: CVE-2024-38819 was published for org.springframework:spring-webflux (Maven) Dec 19, 2024

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post'...
High (Unreviewed): CVE-2025-5287 was published May 28, 2025

An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0...
High (Unreviewed): CVE-2025-25251 was published May 28, 2025

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a...
High (Unreviewed): CVE-2025-4800 was published May 28, 2025

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine...
High (Unreviewed): CVE-2024-6451 was published Aug 19, 2024

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows...
High (Unreviewed): CVE-2025-45529 was published May 27, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High (Unreviewed): CVE-2025-30870 was published Apr 1, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High (Unreviewed): CVE-2025-30849 was published Apr 1, 2025

Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability....
High (Unreviewed): CVE-2023-40486 was published May 3, 2024

Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability....
High (Unreviewed): CVE-2023-40484 was published May 3, 2024

Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability....
High (Unreviewed): CVE-2023-40485 was published May 3, 2024

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this...
High (Unreviewed): CVE-2025-4896 was published May 18, 2025

A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as...
High (Unreviewed): CVE-2025-4897 was published May 19, 2025

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough,...
High (Unreviewed): CVE-2023-32215 was published Jun 2, 2023

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE ...
High (Unreviewed): CVE-2021-2388 was published May 24, 2022

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout...
High (Unreviewed): CVE-2022-35408 was published Sep 23, 2022

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the...
High (Unreviewed): CVE-2022-26873 was published Sep 21, 2022

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the...
High (Unreviewed): CVE-2022-40262 was published Sep 21, 2022

Under certain conditions SAP Business Client 6.5 allows an attacker to access information which...
High (Unreviewed): CVE-2018-2398 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API