Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,769 advisories

Loading
An OS command injection vulnerability exists due to incomplete validation of user-supplied input... Critical Unreviewed
CVE-2025-64128 was published Nov 26, 2025
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied... Critical Unreviewed
CVE-2025-64127 was published Nov 26, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
Improper neutralization of special elements used in an OS command ('command injection') in Cursor... Critical Unreviewed
CVE-2025-62354 was published Nov 26, 2025
An OS command injection vulnerability exists due to improper input validation. The application... Critical Unreviewed
CVE-2025-64126 was published Nov 26, 2025
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL... Critical Unreviewed
CVE-2025-65235 was published Nov 26, 2025
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection... Critical Unreviewed
CVE-2025-65236 was published Nov 26, 2025
Apache Druid’s Kerberos authenticator uses a weak fallback secret Critical
CVE-2025-59390 was published for org.apache.druid:druid (Maven) Nov 26, 2025
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the ... Critical Unreviewed
CVE-2025-66266 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66255 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66256 was published Nov 26, 2025
Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica... Critical Unreviewed
CVE-2025-66259 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66250 was published Nov 26, 2025
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66262 was published Nov 26, 2025
Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66261 was published Nov 26, 2025
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p... Critical Unreviewed
CVE-2025-66253 was published Nov 26, 2025
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66257 was published Nov 26, 2025
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-64656 was published Nov 26, 2025
Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to... Critical Unreviewed
CVE-2025-64657 was published Nov 26, 2025
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-13597 was published Nov 26, 2025
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing... Critical Unreviewed
CVE-2025-13595 was published Nov 26, 2025
libnftnl has Heap-based Buffer Overflow in nftnl::Batch::with_page_size (nftnl-rs) Critical
GHSA-2fjw-whxm-9v4q was published for nftnl (Rust) Nov 25, 2025
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material... Critical Unreviewed
CVE-2025-51742 was published Nov 25, 2025
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory... Critical Unreviewed
CVE-2025-51743 was published Nov 25, 2025
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to... Critical Unreviewed
CVE-2025-51745 was published Nov 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database