GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,744
Composer 4,746
Erlang 35
GitHub Actions 29
Go 2,319
Maven 5,603
npm 3,955
NuGet 712
pip 3,736
Pub 12
RubyGems 920
Rust 972
Swift 38

Unreviewed advisories

All unreviewed 257,832

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

25,803 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an... Critical Unreviewed

CVE-2025-32105 was published Jun 3, 2025

The location module has a vulnerability of bypassing permission verification.Successful... Critical Unreviewed

CVE-2022-39007 was published Sep 17, 2022

The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed

CVE-2023-49255 was published Jan 12, 2024

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)... Critical Unreviewed

CVE-2023-52031 was published Jan 11, 2024

The WLAN module has a vulnerability in permission verification. Successful exploitation of this... Critical Unreviewed

CVE-2022-39009 was published Sep 17, 2022

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5... Critical Unreviewed

CVE-2023-39336 was published Jan 9, 2024

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because... Critical Unreviewed

CVE-2023-50982 was published Jan 8, 2024

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. Critical Unreviewed

CVE-2022-48620 was published Jan 12, 2024

The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed

CVE-2025-4797 was published Jun 3, 2025

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length... Critical Unreviewed

CVE-2025-23099 was published Jun 2, 2025

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed

CVE-2023-48842 was published Dec 1, 2023

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check.... Critical Unreviewed

CVE-2025-20672 was published Jun 2, 2025

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed

CVE-2025-20674 was published Jun 2, 2025

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in... Critical Unreviewed

CVE-2022-1609 was published Jan 16, 2024

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020... Critical Unreviewed

CVE-2025-5086 was published Jun 2, 2025

An authentication bypass vulnerability exists in HPE StoreOnce Software. Critical Unreviewed

CVE-2025-37093 was published Jun 2, 2025

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by... Critical Unreviewed

CVE-2025-49113 was published Jun 2, 2025

CodeIgniter arbitrary code execution Critical

CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) May 17, 2022

An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to... Critical Unreviewed

CVE-2023-27168 was published Jan 19, 2024

An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama... Critical Unreviewed

CVE-2025-1750 was published Jun 2, 2025

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower... Critical Unreviewed

CVE-2025-0324 was published Jun 2, 2025

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Critical Unreviewed

CVE-2025-40908 was published Jun 1, 2025

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL... Critical Unreviewed

CVE-2025-5408 was published Jun 2, 2025

The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed

CVE-2025-4607 was published May 31, 2025

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed

CVE-2025-4631 was published May 31, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

25,803 advisories