GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,751
Composer 4,748
Erlang 35
GitHub Actions 29
Go 2,321
Maven 5,605
npm 3,955
NuGet 712
pip 3,736
Pub 12
RubyGems 921
Rust 972
Swift 38

Unreviewed advisories

All unreviewed 257,943

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

25,813 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure ... Critical Unreviewed

CVE-2025-20286 was published Jun 4, 2025

A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE... Critical Unreviewed

CVE-2025-20188 was published May 7, 2025

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed

CVE-2025-49223 was published Jun 4, 2025

An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1... Critical Unreviewed

CVE-2025-45854 was published Jun 3, 2025

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer... Critical Unreviewed

CVE-2024-38541 was published Jun 19, 2024

Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve... Critical Unreviewed

CVE-2025-5598 was published Jun 4, 2025

Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows... Critical Unreviewed

CVE-2025-5597 was published Jun 4, 2025

This vulnerability allows the successful attacker to gain unauthorized access to a configuration... Critical Unreviewed

CVE-2024-13967 was published Jun 4, 2025

A session management vulnerability exists in Apache Roller before version 6.1.5 where active user... Critical Unreviewed

CVE-2025-24859 was published Apr 14, 2025

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter... Critical Unreviewed

CVE-2025-4517 was published Jun 3, 2025

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary... Critical Unreviewed

CVE-2024-23741 was published Jan 28, 2024

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ... Critical Unreviewed

CVE-2024-12718 was published Jun 3, 2025

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via... Critical Unreviewed

CVE-2023-51812 was published Jan 4, 2024

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a... Critical Unreviewed

CVE-2021-42949 was published Sep 17, 2022

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation... Critical Unreviewed

CVE-2022-39008 was published Sep 17, 2022

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... Critical Unreviewed

CVE-2025-25022 was published Jun 3, 2025

Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to... Critical Unreviewed

CVE-2025-44148 was published Jun 3, 2025

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result... Critical Unreviewed

CVE-2025-32106 was published Jun 3, 2025

A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an... Critical Unreviewed

CVE-2025-32105 was published Jun 3, 2025

The location module has a vulnerability of bypassing permission verification.Successful... Critical Unreviewed

CVE-2022-39007 was published Sep 17, 2022

The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed

CVE-2023-49255 was published Jan 12, 2024

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)... Critical Unreviewed

CVE-2023-52031 was published Jan 11, 2024

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because... Critical Unreviewed

CVE-2023-50982 was published Jan 8, 2024

The WLAN module has a vulnerability in permission verification. Successful exploitation of this... Critical Unreviewed

CVE-2022-39009 was published Sep 17, 2022

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5... Critical Unreviewed

CVE-2023-39336 was published Jan 9, 2024

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

25,813 advisories