Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,053
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Critical Unreviewed
CVE-2025-11749 was published Nov 5, 2025
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1... Critical Unreviewed
CVE-2025-29270 was published Oct 31, 2025
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12363 was published Oct 27, 2025
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-61481 was published Oct 27, 2025
When switching between Android apps using the card carousel Firefox shows a black screen as its... Critical Unreviewed
CVE-2025-11717 was published Oct 14, 2025
A compromised web process using malicious IPC messages could have caused the privileged browser... Critical Unreviewed
CVE-2025-11710 was published Oct 14, 2025
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-9209 was published Oct 3, 2025
The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information... Critical Unreviewed
CVE-2025-57441 was published Sep 22, 2025
The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an... Critical Unreviewed
CVE-2025-57437 was published Sep 22, 2025
The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7,... Critical Unreviewed
CVE-2025-43362 was published Sep 16, 2025
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other... Critical Unreviewed
CVE-2025-22956 was published Sep 8, 2025
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
ntammineni5 34fathombelow
alexmt jannfis crenshaw-dev svghadi
Credited to ntammineni5, 34fathombelow, alexmt, jannfis, crenshaw-dev, and svghadi
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to... Critical Unreviewed
CVE-2024-39335 was published Aug 26, 2025
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in... Critical Unreviewed
CVE-2025-7426 was published Aug 25, 2025
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid... Critical Unreviewed
CVE-2025-27845 was published Aug 14, 2025
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service... Critical Unreviewed
CVE-2025-43986 was published Aug 13, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either... Critical Unreviewed
CVE-2025-30127 was published Aug 6, 2025
This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6... Critical Unreviewed
CVE-2025-43189 was published Jul 30, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-31279 was published Jul 30, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Credited to webbertakken
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep... Critical Unreviewed
CVE-2025-34084 was published Jul 9, 2025
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent... Critical Unreviewed
CVE-2025-34064 was published Jul 1, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and... Critical Unreviewed
CVE-2023-47029 was published Jun 23, 2025
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions... Critical Unreviewed
CVE-2025-25037 was published Jun 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database