Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if... High Unreviewed
CVE-2025-40836 was published Sep 25, 2025
AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input... Moderate Unreviewed
CVE-2024-33659 was published Feb 11, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for... High Unreviewed
CVE-2025-52544 was published Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input... High Unreviewed
CVE-2025-52547 was published Oct 1, 2025
An improper input validation vulnerability was discovered in Avaya IP Office that could allow... Critical Unreviewed
CVE-2024-4196 was published Jun 25, 2024
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on... Moderate Unreviewed
CVE-2024-41886 was published Dec 24, 2024
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on... Moderate Unreviewed
CVE-2024-41887 was published Dec 24, 2024
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Credited to joshbressers
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-2165 was published Apr 9, 2024
An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6... High Unreviewed
CVE-2020-27337 was published May 24, 2022
An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6... Moderate Unreviewed
CVE-2020-27336 was published May 24, 2022
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders Moderate
CVE-2025-59940 was published for mkdocs-include-markdown-plugin (pip) Sep 29, 2025
mondeja
Credited to mondeja
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Tanguy-Boisset pyguerder
Credited to Tanguy-Boisset and pyguerder
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data... High Unreviewed
CVE-2024-39948 was published Jul 31, 2024
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data... High Unreviewed
CVE-2024-39950 was published Jul 31, 2024
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data... High Unreviewed
CVE-2024-39944 was published Jul 31, 2024
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data... High Unreviewed
CVE-2024-39949 was published Jul 31, 2024
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the... Moderate Unreviewed
CVE-2024-52903 was published May 2, 2025
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a... Moderate Unreviewed
CVE-2024-47102 was published Dec 25, 2024
A vulnerability was detected in pmTicket Project-Management-Software up to... Moderate Unreviewed
CVE-2025-11135 was published Sep 29, 2025
Grafana-Zabbix ReDoS vulnerability Moderate
CVE-2025-10630 was published for github.com/alexanderzobnin/grafana-zabbix (Go) Sep 19, 2025
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997.... Moderate Unreviewed
CVE-2025-10975 was published Sep 26, 2025
A vulnerability has been found in giantspatula SewKinect up to... Moderate Unreviewed
CVE-2025-10974 was published Sep 26, 2025
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue... Moderate Unreviewed
CVE-2025-10965 was published Sep 25, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database