Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

371 advisories

Loading
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... High Unreviewed
CVE-2025-34139 was published Jul 25, 2025
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui... High Unreviewed
CVE-2023-41566 was published Jul 17, 2025
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points Low
GHSA-phhq-63jg-fp7r was published for github.com/edgelesssys/contrast (Go) Jul 9, 2025
burgerdev katexochen
thomasten
Credited to burgerdev, katexochen, and thomasten
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If... High Unreviewed
CVE-2025-49797 was published Jun 26, 2025
Gogs allows deletion of internal files which leads to remote command execution Critical
CVE-2024-56731 was published for gogs.io/gogs (Go) Jun 24, 2025
Ry0taK
Credited to Ry0taK
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when... Moderate Unreviewed
CVE-2025-0620 was published Jun 6, 2025
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Critical Unreviewed
CVE-2025-40908 was published Jun 1, 2025
The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with... Moderate Unreviewed
CVE-2025-4634 was published May 30, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap... Moderate Unreviewed
CVE-2025-48928 was published May 28, 2025
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux... High Unreviewed
CVE-2025-4134 was published May 28, 2025
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows... High Unreviewed
CVE-2025-45529 was published May 27, 2025
A vulnerability classified as critical was found in SourceCodester Client Database Management... Moderate Unreviewed
CVE-2025-4909 was published May 19, 2025
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which... Moderate Unreviewed
CVE-2024-8031 was published May 15, 2025
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git... High Unreviewed
CVE-2024-4981 was published May 12, 2025
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to... High Unreviewed
CVE-2025-32819 was published May 7, 2025
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user... High Unreviewed
CVE-2025-1982 was published Apr 16, 2025
CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that... High Unreviewed
CVE-2025-2222 was published Apr 9, 2025
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear... Moderate Unreviewed
CVE-2025-2651 was published Mar 23, 2025
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web... Moderate Unreviewed
CVE-2024-13126 was published Mar 16, 2025
The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused... High Unreviewed
CVE-2025-22369 was published Mar 11, 2025
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302... High Unreviewed
CVE-2025-25266 was published Mar 11, 2025
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302... Moderate Unreviewed
CVE-2025-25267 was published Mar 11, 2025
A files or directories accessible to external parties vulnerability has been reported to affect... Moderate Unreviewed
CVE-2024-48864 was published Mar 7, 2025
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as... Moderate Unreviewed
CVE-2025-2038 was published Mar 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database