Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,813 advisories

Loading
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. Critical Unreviewed
CVE-2022-48620 was published Jan 12, 2024
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4797 was published Jun 3, 2025
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length... Critical Unreviewed
CVE-2025-23099 was published Jun 2, 2025
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via... Critical Unreviewed
CVE-2023-48842 was published Dec 1, 2023
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check.... Critical Unreviewed
CVE-2025-20672 was published Jun 2, 2025
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed
CVE-2025-20674 was published Jun 2, 2025
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in... Critical Unreviewed
CVE-2022-1609 was published Jan 16, 2024
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020... Critical Unreviewed
CVE-2025-5086 was published Jun 2, 2025
An authentication bypass vulnerability exists in HPE StoreOnce Software. Critical Unreviewed
CVE-2025-37093 was published Jun 2, 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by... Critical Unreviewed
CVE-2025-49113 was published Jun 2, 2025
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for bcit-ci/codeigniter (Composer) May 17, 2022
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to... Critical Unreviewed
CVE-2023-27168 was published Jan 19, 2024
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama... Critical Unreviewed
CVE-2025-1750 was published Jun 2, 2025
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower... Critical Unreviewed
CVE-2025-0324 was published Jun 2, 2025
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Critical Unreviewed
CVE-2025-40908 was published Jun 1, 2025
A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL... Critical Unreviewed
CVE-2025-5408 was published Jun 2, 2025
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-4607 was published May 31, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4.... Critical Unreviewed
CVE-2025-31263 was published May 30, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4,... Critical Unreviewed
CVE-2025-30466 was published May 30, 2025
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. ... Critical Unreviewed
CVE-2020-36846 was published May 30, 2025
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed
CVE-2025-44619 was published May 30, 2025
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c... Critical Unreviewed
CVE-2022-37434 was published Aug 6, 2022
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Critical Unreviewed
CVE-2022-40674 was published Sep 15, 2022
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation,... Critical Unreviewed
CVE-2024-6366 was published Jul 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database