Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,992 advisories

Loading
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability High Unreviewed
CVE-2025-53787 was published Aug 7, 2025
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability Moderate Unreviewed
CVE-2025-53774 was published Aug 7, 2025
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue... Moderate Unreviewed
CVE-2025-8697 was published Aug 7, 2025
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the... Moderate Unreviewed
CVE-2025-47188 was published Aug 7, 2025
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api... High Unreviewed
CVE-2025-7769 was published Aug 6, 2025
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to... Moderate Unreviewed
CVE-2025-8667 was published Aug 6, 2025
A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5.... Moderate Unreviewed
CVE-2025-8665 was published Aug 6, 2025
A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input... Moderate Unreviewed
CVE-2025-50688 was published Aug 5, 2025
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U... Moderate Unreviewed
CVE-2025-45512 was published Aug 5, 2025
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
Credited to dellalibera
File Browser vulnerable to command execution allowlist bypass High
CVE-2025-52995 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
File Browser: Command Execution not Limited to Scope High
CVE-2025-52904 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed
CVE-2025-32711 was published Jun 11, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Credited to JLLeitschuh
A vulnerability, which was classified as critical, was found in Vaelsys 4.1.0. This affects the... Moderate Unreviewed
CVE-2025-8259 was published Jul 28, 2025
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows... Moderate Unreviewed
CVE-2025-25691 was published Jul 30, 2025
A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows... Moderate Unreviewed
CVE-2025-25692 was published Jul 30, 2025
An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary... Moderate Unreviewed
CVE-2025-45619 was published Jul 30, 2025
A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of... Critical Unreviewed
CVE-2024-13871 was published Mar 12, 2025
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as... High Unreviewed
CVE-2025-8244 was published Jul 28, 2025
tj-actions/branch-names has a Command Injection Vulnerability Critical
CVE-2025-54416 was published for tj-actions/branch-names (GitHub Actions) Jul 25, 2025
tutasla
Credited to tutasla
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a... Critical Unreviewed
CVE-2024-41783 was published Jan 19, 2025
An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute... High Unreviewed
CVE-2025-29628 was published Jul 25, 2025
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7... High Unreviewed
CVE-2014-9188 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database