GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed 5,000+
Composer 4,826
Erlang 36
GitHub Actions 32
Go 2,426
Maven 5,000+
npm 4,058
NuGet 723
pip 3,848
Pub 12
RubyGems 934
Rust 1,006
Swift 38
Unreviewed advisories
All unreviewed 5,000+
110,218 advisories
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability...
High
Unreviewed
CVE-2012-10051 was published Aug 8, 2025

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in...
High
Unreviewed
CVE-2025-4796 was published Aug 8, 2025

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint....
High
Unreviewed
CVE-2012-10048 was published Aug 8, 2025

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog...
High
Unreviewed
CVE-2012-10042 was published Aug 8, 2025

A TLS vulnerability exists in the phone application used to manage a connected device. The phone...
High
Unreviewed
CVE-2025-8393 was published Aug 8, 2025

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external...
High
Unreviewed
CVE-2025-8355 was published Aug 8, 2025

The affected product allows firmware updates to be downloaded from EG4's website, transferred...
High
Unreviewed
CVE-2025-53520 was published Aug 8, 2025

The MOD3 command traffic between the monitoring application and the inverter is transmitted in...
High
Unreviewed
CVE-2025-52586 was published Aug 8, 2025

A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has...
High
Unreviewed
CVE-2025-8731 was published Aug 8, 2025

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1...
High
Unreviewed
CVE-2025-52914 was published Aug 8, 2025

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the...
High
Unreviewed
CVE-2025-50465 was published Aug 8, 2025

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the...
High
Unreviewed
CVE-2025-50466 was published Aug 8, 2025

The AuthKit Remix Library renders sensitive auth data in HTML
High
CVE-2025-55009 was published for @workos-inc/authkit-remix (npm) Aug 8, 2025

The AuthKit React Router Library rendered sensitive auth data in HTML
High
CVE-2025-55008 was published for @workos-inc/authkit-react-router (npm) Aug 8, 2025

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges...
High
Unreviewed
CVE-2025-36119 was published Aug 8, 2025

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as...
High
Unreviewed
CVE-2025-8730 was published Aug 8, 2025

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This...
High
Unreviewed
CVE-2020-9322 was published Aug 8, 2025

OpenBao Root Namespace Operator May Elevate Token Privileges
High
CVE-2025-54996 was published for github.com/openbao/openbao (Go) Aug 8, 2025

@fedify/fedify has Improper Authentication and Incorrect Authorization
High
CVE-2025-54888 was published for @fedify/fedify (npm) Aug 8, 2025

Apache Seata: Deserialization of untrusted Data in Apache Seata Server
High
CVE-2025-53606 was published for org.apache.seata:seata-serializer-fury (Maven) Aug 8, 2025

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to...
High
Unreviewed
CVE-2025-8088 was published Aug 8, 2025

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A...
High
Unreviewed
CVE-2025-8748 was published Aug 8, 2025

The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a...
High
Unreviewed
CVE-2025-26513 was published Aug 7, 2025

Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
High
Unreviewed
CVE-2025-53787 was published Aug 7, 2025

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the...
High
Unreviewed
CVE-2025-47219 was published Aug 7, 2025
ProTip! Advisories are also available from the GraphQL API