GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,577 advisories

Llama Stack could potentially allow for remote code execution
Moderate | CVE-2025-55178 was published for llama-stack (pip) | Sep 24, 2025

Memory corruption while processing data sent by FE driver.
High | Unreviewed | CVE-2025-47314 was published | Sep 24, 2025

Improper input validation in the system management mode (SMM) could allow a privileged attacker...
High | Unreviewed | CVE-2024-21947 was published | Sep 6, 2025

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM,...
High | Unreviewed | CVE-2023-31342 was published | Feb 12, 2025

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM,...
High | Unreviewed | CVE-2023-31343 was published | Feb 12, 2025

Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows®...
Moderate | Unreviewed | CVE-2024-21971 was published | Feb 12, 2025

Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow...
High | Unreviewed | CVE-2024-36342 was published | Sep 6, 2025

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker...
High | Unreviewed | CVE-2024-36354 was published | Sep 6, 2025

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM,...
High | Unreviewed | CVE-2023-31345 was published | Feb 12, 2025

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account...
High | Unreviewed | CVE-2025-34045 was published | Jun 26, 2025

A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices...
Critical | Unreviewed | CVE-2014-125117 was published | Jul 25, 2025

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and...
Critical | Unreviewed | CVE-2025-34024 was published | Jun 20, 2025

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Moderate | CVE-2025-59160 was published for matrix-js-sdk (npm) | Sep 16, 2025

DNN allows loading unused themes on anonymous clients through query parameters
Moderate | CVE-2025-59535 was published for DotNetNuke.Core (NuGet) | Sep 22, 2025

Codex has sandbox bypass due to bug in path configuration logic
High | CVE-2025-59532 was published for @openai/codex (npm) | Sep 19, 2025

Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script...
Critical | Unreviewed | CVE-2025-57644 was published | Sep 22, 2025

Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension...
Moderate | Unreviewed | CVE-2025-58114 was published | Sep 19, 2025

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length
Moderate | CVE-2025-23041 was published for Umbraco.Forms (NuGet) | Jan 14, 2025

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate...
Moderate | Unreviewed | CVE-2014-0762 was published | May 17, 2022

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a...
High | Unreviewed | CVE-2014-0761 was published | May 17, 2022

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution...
Critical | Unreviewed | CVE-2025-34161 was published | Aug 27, 2025

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution...
Critical | Unreviewed | CVE-2025-34159 was published | Aug 27, 2025

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)...
Critical | Unreviewed | CVE-2025-34157 was published | Aug 27, 2025

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to...
High | Unreviewed | CVE-2025-57528 was published | Sep 19, 2025

Picklescan Bypass is Possible via File Extension Mismatch
Critical | CVE-2025-10155 was published for picklescan (pip) | Sep 10, 2025

ProTip! Advisories are also available from the GraphQL API