Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,048 advisories

Loading
Kyverno's Improper JMESPath Variable Evaluation Lead to Denial of Service High
CVE-2025-47281 was published for github.com/kyverno/kyverno (Go) Jul 22, 2025
thevilledev
Credited to thevilledev
The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... High Unreviewed
CVE-2025-6585 was published Jul 22, 2025
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service High
CVE-2025-54134 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
asareynolds
Credited to asareynolds
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access High
CVE-2025-50151 was published for org.apache.jena:jena (Maven) Jul 21, 2025
A command injection vulnerability exists in LILIN LILIN Digital Video Recorder (DVR) devices... High Unreviewed
CVE-2025-34129 was published Jul 17, 2025
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod... High Unreviewed
CVE-2025-34124 was published Jul 17, 2025
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when... High Unreviewed
CVE-2025-34123 was published Jul 16, 2025
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07,... High Unreviewed
CVE-2025-34118 was published Jul 16, 2025
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204... High Unreviewed
CVE-2025-6558 was published Jul 15, 2025
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via... High Unreviewed
CVE-2025-34116 was published Jul 15, 2025
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4... High Unreviewed
CVE-2025-34113 was published Jul 15, 2025
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via... High Unreviewed
CVE-2025-34115 was published Jul 15, 2025
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse... High Unreviewed
CVE-2025-34108 was published Jul 15, 2025
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate... High Unreviewed
CVE-2024-42516 was published Jul 10, 2025
A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE... High Unreviewed
CVE-2025-6377 was published Jul 9, 2025
A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE... High Unreviewed
CVE-2025-6376 was published Jul 9, 2025
Improper input validation in SQL Server allows an unauthorized attacker to disclose information... High Unreviewed
CVE-2025-49719 was published Jul 8, 2025
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate... High Unreviewed
CVE-2025-47982 was published Jul 8, 2025
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected... High Unreviewed
CVE-2025-40593 was published Jul 8, 2025
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate... High Unreviewed
CVE-2025-24005 was published Jul 8, 2025
An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400.... High Unreviewed
CVE-2025-26780 was published Jul 7, 2025
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the... High Unreviewed
CVE-2025-34031 was published Jun 26, 2025
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded... High Unreviewed
CVE-2025-34033 was published Jun 26, 2025
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL... High Unreviewed
CVE-2025-34048 was published Jun 26, 2025
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing... High Unreviewed
CVE-2025-34047 was published Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database