Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

114,413 advisories

Loading
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-11001 was published Nov 20, 2025
OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter High
CVE-2025-65103 was published for devcode-it/openstamanager (Composer) Nov 19, 2025
XY20130630
Credited to XY20130630
Claude Code vulnerable to command execution prior to startup trust dialog High
CVE-2025-65099 was published for @anthropic-ai/claude-code (npm) Nov 19, 2025
esm.sh CDN service has arbitrary file write via tarslip High
CVE-2025-65025 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
Astro vulnerable to reflected XSS via the server islands feature High
CVE-2025-64764 was published for astro (npm) Nov 19, 2025
cold-try
Credited to cold-try
The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000,... High Unreviewed
CVE-2025-63209 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34335 was published Nov 19, 2025
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor... High Unreviewed
CVE-2025-34337 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34333 was published Nov 19, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded... High Unreviewed
CVE-2025-13316 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are... High Unreviewed
CVE-2025-34334 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34331 was published Nov 19, 2025
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of... High Unreviewed
CVE-2025-13400 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34332 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10702 was published Nov 19, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect... High Unreviewed
CVE-2025-10703 was published Nov 19, 2025
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0... High Unreviewed
CVE-2024-8527 was published Nov 19, 2025
The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session... High Unreviewed
CVE-2025-63219 was published Nov 19, 2025
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race... High Unreviewed
CVE-2025-12472 was published Nov 19, 2025
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of... High Unreviewed
CVE-2025-11230 was published Nov 19, 2025
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper... High Unreviewed
CVE-2025-11446 was published Nov 19, 2025
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6... High Unreviewed
CVE-2025-11243 was published Nov 19, 2025
Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. High Unreviewed
CVE-2025-12056 was published Nov 19, 2025
The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and... High Unreviewed
CVE-2025-12484 was published Nov 19, 2025
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to,... High Unreviewed
CVE-2025-13035 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database