Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,757
Maven
5,000+
npm
4,363
NuGet
766
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,783 advisories

Loading
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the... Critical Unreviewed
CVE-2025-41734 was published Nov 18, 2025
The commissioning wizard on the affected devices does not validate if the device is already... Critical Unreviewed
CVE-2025-41733 was published Nov 18, 2025
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious... Critical Unreviewed
CVE-2025-40549 was published Nov 18, 2025
A missing validation process exists in Serv U when abused, could give a malicious actor with... Critical Unreviewed
CVE-2025-40548 was published Nov 18, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in... Critical Unreviewed
CVE-2024-44659 was published Nov 17, 2025
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default... Critical Unreviewed
CVE-2025-63747 was published Nov 17, 2025
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-13284 was published Nov 17, 2025
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the... Critical Unreviewed
CVE-2025-9501 was published Nov 17, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd... Critical Unreviewed
CVE-2021-4470 was published Nov 15, 2025
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded... Critical Unreviewed
CVE-2025-58083 was published Nov 15, 2025
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code... Critical Unreviewed
CVE-2024-28988 was published Nov 15, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys Critical
CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025
Marven11 Raven95676
Soulter
Credited to Marven11, Raven95676, and Soulter
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54343 was published Nov 14, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54339 was published Nov 14, 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0... Critical Unreviewed
CVE-2025-64446 was published Nov 14, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments... Critical Unreviewed
CVE-2025-36096 was published Nov 14, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service ... Critical Unreviewed
CVE-2025-36250 was published Nov 14, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow... Critical Unreviewed
CVE-2025-36251 was published Nov 14, 2025
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency Critical
GHSA-6jqf-mv7m-3q7p was published for github.com/filebrowser/filebrowser/v2 (Go) Nov 13, 2025
Francesco-Bellomi hacdias
Credited to Francesco-Bellomi and hacdias
Milvus Proxy has a Critical Authentication Bypass Vulnerability Critical
CVE-2025-64513 was published for github.com/milvus-io/milvus (Go) Nov 13, 2025
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode Critical
CVE-2025-12762 was published for pgadmin4 (pip) Nov 13, 2025
jonbally
Credited to jonbally
An authentication bypass vulnerability has been identified in certain DSL series routers, may... Critical Unreviewed
CVE-2025-59367 was published Nov 13, 2025
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602... Critical Unreviewed
CVE-2021-4464 was published Nov 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database