GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,758
Maven: 5,000+
npm: 4,364
NuGet: 766
pip: 4,132
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
306,561 advisories
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This...
Moderate | Unreviewed | CVE-2025-14637 was published Dec 13, 2025

A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted...
Moderate | Unreviewed | CVE-2025-14644 was published Dec 14, 2025

A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected...
Moderate | Unreviewed | CVE-2025-14643 was published Dec 14, 2025

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this...
Moderate | Unreviewed | CVE-2025-14585 was published Dec 13, 2025

Dolibarr Application Home Page has HTML injection vulnerability
High | CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024

Weaviate OSS has path traversal vulnerability via the Shard Movement API
High | CVE-2025-67819 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High | CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
Moderate | CVE-2025-34430 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025

Algernon Cross-Site Scripting vulnerability
Moderate | CVE-2025-65754 was published for github.com/xyproto/algernon (Go) Dec 10, 2025

1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
High | CVE-2025-34410 was published for github.com/1Panel-dev/1Panel (Go) Dec 10, 2025

Zitadel Discloses the Total Number of Instance Users
Moderate | CVE-2025-67717 was published for github.com/zitadel/zitadel (Go) Dec 10, 2025

Gogs vulnerable to a bypass of CVE-2024-55947
High | CVE-2025-8110 was published for gogs.io/gogs (Go) Dec 10, 2025

gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
High | CVE-2025-67508 was published for github.com/gardener/gardenctl-v2 (Go) Dec 11, 2025

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
High | Unreviewed | CVE-2019-20388 was published May 24, 2022

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate | Unreviewed | CVE-2025-66115 was published Nov 21, 2025

Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This...
Moderate | Unreviewed | CVE-2024-27950 was published Mar 1, 2024

Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2025-67573 was published Dec 9, 2025

Multiple memory corruption issues were addressed with improved input validation. This issue is...
Low | Unreviewed | CVE-2025-43533 was published Dec 17, 2025

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2,...
Low | Unreviewed | CVE-2025-43531 was published Dec 17, 2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18...
Moderate | Unreviewed | CVE-2025-43535 was published Dec 17, 2025

The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken...
Critical | Unreviewed | CVE-2025-63221 was published Nov 19, 2025

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for...
Moderate | Unreviewed | CVE-2018-15473 was published May 13, 2022

Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows...
Moderate | Unreviewed | CVE-2025-64248 was published Dec 16, 2025

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access...
Moderate | Unreviewed | CVE-2018-20685 was published May 13, 2022

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of...
High | Unreviewed | CVE-2016-1762 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API.