Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,490 advisories

Loading
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-10437 was published Nov 19, 2025
When the service of ABP and AES is installed in a directory writable by non-administrative users,... Critical Unreviewed
CVE-2025-13051 was published Nov 19, 2025
Modular Max Serve has Unsafe Deserialization vulnerability Critical
CVE-2025-60455 was published for modular (pip) Nov 18, 2025
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the... Critical Unreviewed
CVE-2021-25779 was published May 24, 2022
Eclipse Jersey has a Race Condition Critical
CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025
A command inject vulnerability allows an attacker to perform command injection on Windows... Critical Unreviewed
CVE-2024-3566 was published Apr 10, 2024
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
ooliv
Credited to ooliv
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation... Critical Unreviewed
CVE-2025-9312 was published Nov 18, 2025
The commissioning wizard on the affected devices does not validate if the device is already... Critical Unreviewed
CVE-2025-41733 was published Nov 18, 2025
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the... Critical Unreviewed
CVE-2025-41734 was published Nov 18, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows... Critical Unreviewed
CVE-2025-41346 was published Nov 18, 2025
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious... Critical Unreviewed
CVE-2025-40549 was published Nov 18, 2025
A missing validation process exists in Serv U when abused, could give a malicious actor with... Critical Unreviewed
CVE-2025-40548 was published Nov 18, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap... Critical Unreviewed
CVE-2025-32911 was published Apr 15, 2025
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates... Critical Unreviewed
CVE-2025-48581 was published Sep 4, 2025
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7... Critical Unreviewed
CVE-2025-34044 was published Jun 26, 2025
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version... Critical Unreviewed
CVE-2025-34049 was published Jun 26, 2025
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi... Critical Unreviewed
CVE-2025-34054 was published Jul 1, 2025
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of... Critical Unreviewed
CVE-2025-34039 was published Jun 26, 2025
An OS command injection vulnerability exists in various models of E-Series Linksys routers via... Critical Unreviewed
CVE-2025-34037 was published Jun 26, 2025
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware... Critical Unreviewed
CVE-2025-34042 was published Jun 26, 2025
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This... Critical Unreviewed
CVE-2018-4878 was published May 13, 2022
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management... Critical Unreviewed
CVE-2025-34046 was published Jun 26, 2025
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via... Critical Unreviewed
CVE-2016-4117 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database