Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

917 advisories

Loading
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the... Critical Unreviewed
CVE-2025-64385 was published Oct 31, 2025
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web... Critical Unreviewed
CVE-2024-30110 was published Oct 30, 2025
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public... Critical Unreviewed
CVE-2025-61235 was published Oct 28, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload... Critical Unreviewed
CVE-2025-27224 was published Oct 27, 2025
Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19... Critical Unreviewed
CVE-2025-12275 was published Oct 26, 2025
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12285 was published Oct 26, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP... Critical Unreviewed
CVE-2025-8414 was published Oct 17, 2025
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
Credited to petersutter, kon-angelo, hebelsan, JordanJordanov, and donistz
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script... Critical Unreviewed
CVE-2025-57644 was published Sep 22, 2025
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch Critical
GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 withdrawn
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS... Critical Unreviewed
CVE-2025-43347 was published Sep 16, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26... Critical Unreviewed
CVE-2025-43342 was published Sep 16, 2025
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34161 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified... Critical Unreviewed
CVE-2025-34158 was published Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
Credited to ChALkeR
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
Credited to ChALkeR and ljharb
A security issue exists due to improper handling of malformed CIP Forward Close packets during... Critical Unreviewed
CVE-2025-7693 was published Aug 18, 2025
A vulnerability has been found in the  MSoft MFlash application that allows execution of... Critical Unreviewed
CVE-2025-9060 was published Aug 15, 2025
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This... Critical Unreviewed
CVE-2025-8876 was published Aug 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database