GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,828; Erlang 36; GitHub Actions 33; Go 2,445; Maven 5,000+; npm 4,061; NuGet 723; pip 3,861; Pub 12; RubyGems 943; Rust 1,007; Swift 39
Unreviewed advisories: All unreviewed 5,000+
289,112 advisories

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability....
High; Unreviewed; CVE-2021-34982 was published May 8, 2024

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue...
Moderate; Unreviewed; CVE-2025-8930 was published Aug 14, 2025

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability...
Moderate; Unreviewed; CVE-2025-8932 was published Aug 14, 2025

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is...
Moderate; Unreviewed; CVE-2025-8931 was published Aug 14, 2025

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific...
Critical; Unreviewed; CVE-2025-51451 was published Aug 13, 2025

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a...
Critical; Unreviewed; CVE-2025-51452 was published Aug 13, 2025

IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1...
Moderate; Unreviewed; CVE-2025-2895 was published Jun 30, 2025

IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6...
Moderate; Unreviewed; CVE-2023-38007 was published Jun 27, 2025

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects...
Moderate; Unreviewed; CVE-2025-8928 was published Aug 14, 2025

A vulnerability has been found in code-projects Medical Store Management System 1.0. This...
Moderate; Unreviewed; CVE-2025-8929 was published Aug 14, 2025

Active Storage allowed transformation methods that were potentially unsafe
High; CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025

Helm May Panic Due To Incorrect YAML Content
Moderate; CVE-2025-55198 was published for helm.sh/helm/v3 (Go) Aug 14, 2025

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Moderate; CVE-2025-55199 was published for helm.sh/helm/v3 (Go) Aug 14, 2025

OliveTin OS Command Injection vulnerability
High; CVE-2025-50946 was published for github.com/OliveTin/OliveTin (Go) Aug 13, 2025

swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability
Moderate; GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025

Apache Tomcat Session Fixation vulnerability
Moderate; CVE-2025-55668 was published for org.apache.tomcat:tomcat-catalina (Maven) Aug 13, 2025

GitProxy New Branch Approval Exploit
High; CVE-2025-54585 was published for @finos/git-proxy (npm) Jul 30, 2025

Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
High; CVE-2025-52392 was published for soosyze/soosyze (Composer) Aug 13, 2025

Apache Tomcat Improper Resource Shutdown or Release vulnerability
High; CVE-2025-48989 was published for org.apache.tomcat:tomcat-coyote (Maven) Aug 13, 2025

m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Critical; GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) Aug 13, 2025

Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation
Moderate; CVE-2025-8916 was published for org.bouncycastle:bcpkix-fips (Maven) Aug 13, 2025

Active Record logging vulnerable to ANSI escape injection
Moderate; CVE-2025-55193 was published for activerecord (RubyGems) Aug 13, 2025

OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
High; CVE-2025-48071 was published for OpenEXR (pip) Jul 31, 2025

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file
Moderate; Unreviewed; CVE-2025-52386 was published Aug 13, 2025

Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password...
Critical; Unreviewed; CVE-2025-50251 was published Aug 13, 2025

ProTip! Advisories are also available from the GraphQL API