Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,490 advisories

Loading
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-10437 was published Nov 19, 2025
When the service of ABP and AES is installed in a directory writable by non-administrative users,... Critical Unreviewed
CVE-2025-13051 was published Nov 19, 2025
Modular Max Serve has Unsafe Deserialization vulnerability Critical
CVE-2025-60455 was published for modular (pip) Nov 18, 2025
Eclipse Jersey has a Race Condition Critical
CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
ooliv
Credited to ooliv
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation... Critical Unreviewed
CVE-2025-9312 was published Nov 18, 2025
The commissioning wizard on the affected devices does not validate if the device is already... Critical Unreviewed
CVE-2025-41733 was published Nov 18, 2025
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the... Critical Unreviewed
CVE-2025-41734 was published Nov 18, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows... Critical Unreviewed
CVE-2025-41346 was published Nov 18, 2025
A missing validation process exists in Serv U when abused, could give a malicious actor with... Critical Unreviewed
CVE-2025-40548 was published Nov 18, 2025
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious... Critical Unreviewed
CVE-2025-40549 was published Nov 18, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in... Critical Unreviewed
CVE-2024-44659 was published Nov 17, 2025
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default... Critical Unreviewed
CVE-2025-63747 was published Nov 17, 2025
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-13284 was published Nov 17, 2025
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the... Critical Unreviewed
CVE-2025-9501 was published Nov 17, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd... Critical Unreviewed
CVE-2021-4470 was published Nov 15, 2025
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded... Critical Unreviewed
CVE-2025-58083 was published Nov 15, 2025
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed
CVE-2024-28988 was published Nov 15, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys Critical
CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025
Marven11 Raven95676
Soulter
Credited to Marven11, Raven95676, and Soulter
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54343 was published Nov 14, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54339 was published Nov 14, 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0... Critical Unreviewed
CVE-2025-64446 was published Nov 14, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments... Critical Unreviewed
CVE-2025-36096 was published Nov 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database