GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

27,440 advisories

An authentication bypass vulnerability has been identified in certain DSL series routers, may...
Critical | Unreviewed | CVE-2025-59367 was published Nov 13, 2025

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602...
Critical | Unreviewed | CVE-2021-4464 was published Nov 13, 2025

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control...
Critical | Unreviewed | CVE-2025-46608 was published Nov 12, 2025

N-central < 2025.4 is vulnerable to authentication bypass via path traversal
Critical | Unreviewed | CVE-2025-11366 was published Nov 12, 2025

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
Critical | Unreviewed | CVE-2025-11367 was published Nov 12, 2025

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing...
Critical | Unreviewed | CVE-2025-12871 was published Nov 12, 2025

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing...
Critical | Unreviewed | CVE-2025-12870 was published Nov 12, 2025

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2025-60724 was published Nov 11, 2025

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence...
Critical | Unreviewed | CVE-2025-13027 was published Nov 11, 2025

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows local...
Critical | Unreviewed | CVE-2025-13032 was published Nov 11, 2025

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This...
Critical | Unreviewed | CVE-2025-13026 was published Nov 11, 2025

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated...
Critical | Unreviewed | CVE-2025-8324 was published Nov 11, 2025

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information...
Critical | Unreviewed | CVE-2025-12539 was published Nov 11, 2025

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in...
Critical | Unreviewed | CVE-2025-12813 was published Nov 11, 2025

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical | Unreviewed | CVE-2025-11170 was published Nov 11, 2025

The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress...
Critical | Unreviewed | CVE-2025-11457 was published Nov 11, 2025

SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or...
Critical | Unreviewed | CVE-2025-42890 was published Nov 11, 2025

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert...
Critical | Unreviewed | CVE-2025-42887 was published Nov 11, 2025

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that...
Critical | Unreviewed | CVE-2021-4462 was published Nov 11, 2025

Soft Serve is vulnerable to SSRF through its Webhooks
Critical | CVE-2025-64522 was published for github.com/charmbracelet/soft-serve (Go) Nov 10, 2025

In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure...
Critical | Unreviewed | CVE-2025-64689 was published Nov 10, 2025

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw...
Critical | Unreviewed | CVE-2025-12480 was published Nov 10, 2025

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability,...
Critical | Unreviewed | CVE-2025-12868 was published Nov 10, 2025

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing...
Critical | Unreviewed | CVE-2025-12866 was published Nov 10, 2025

Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a...
Critical | Unreviewed | CVE-2020-36870 was published Nov 8, 2025

ProTip! Advisories are also available from the GraphQL API