Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,753
Maven
5,000+
npm
4,359
NuGet
765
pip
4,126
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,781 advisories

Loading
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to... Critical Unreviewed
CVE-2024-47856 was published Nov 25, 2025
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54347 was published Nov 25, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction Critical
GHSA-rj4j-2jph-gg43 was published for github.com/lf-edge/ekuiper/v2 (Go) Nov 24, 2025
odaysec ptrgits
Credited to odaysec and ptrgits
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR... Critical Unreviewed
CVE-2018-25126 was published Nov 24, 2025
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi... Critical Unreviewed
CVE-2023-7330 was published Nov 24, 2025
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (... Critical Unreviewed
CVE-2025-63958 was published Nov 24, 2025
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their... Critical Unreviewed
CVE-2025-11921 was published Nov 24, 2025
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs... Critical Unreviewed
CVE-2025-12977 was published Nov 24, 2025
Grafana Incorrect Privilege Assignment vulnerability Critical
CVE-2025-41115 was published for github.com/grafana/grafana (Go) Nov 21, 2025
cdupuis
Credited to cdupuis
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9... Critical Unreviewed
CVE-2025-11127 was published Nov 21, 2025
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-11456 was published Nov 21, 2025
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict... Critical Unreviewed
CVE-2025-64310 was published Nov 21, 2025
Azure Bastion Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-49752 was published Nov 21, 2025
Microsoft SharePoint Online Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59245 was published Nov 21, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability... Critical Unreviewed
CVE-2025-10571 was published Nov 20, 2025
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly... Critical Unreviewed
CVE-2025-34320 was published Nov 20, 2025
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter Critical
CVE-2025-65108 was published for md-to-pdf (npm) Nov 20, 2025
Prodigysec
Credited to Prodigysec
@hpke/core reuses AEAD nonces Critical
CVE-2025-64767 was published for @hpke/core (npm) Nov 20, 2025
panva
Credited to panva
An attacker could take over a Looker account in a Looker instance configured with OIDC... Critical Unreviewed
CVE-2025-12414 was published Nov 20, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface,... Critical Unreviewed
CVE-2025-63206 was published Nov 19, 2025
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is... Critical Unreviewed
CVE-2025-63210 was published Nov 19, 2025
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to... Critical Unreviewed
CVE-2025-63207 was published Nov 19, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An... Critical Unreviewed
CVE-2025-13315 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34328 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database