Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,252
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,285 advisories

Loading
A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass... Critical Unreviewed
CVE-2025-56221 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote... Critical Unreviewed
CVE-2025-62645 was published Oct 17, 2025
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`)... Critical Unreviewed
CVE-2025-11925 was published Oct 17, 2025
Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution Critical
GHSA-3g4j-r53p-22wx was published for flowise (npm) Oct 17, 2025 withdrawn
A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5... Critical Unreviewed
CVE-2025-60279 was published Oct 17, 2025
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically... Critical Unreviewed
CVE-2025-57567 was published Oct 17, 2025
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP... Critical Unreviewed
CVE-2025-8414 was published Oct 17, 2025
A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read... Critical Unreviewed
CVE-2025-62353 was published Oct 17, 2025
Keras framework vulnerable to deserialization of untrusted data Critical
CVE-2025-49655 was published for keras (pip) Oct 17, 2025
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer Critical
CVE-2025-62515 was published for pyquokka (pip) Oct 17, 2025
Chenpinji
Credited to Chenpinji
Some versions of Hikvision's iSecure Center Product have an improper file upload control... Critical Unreviewed
CVE-2023-28814 was published Oct 17, 2025
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation,... Critical Unreviewed
CVE-2023-28815 was published Oct 17, 2025
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Critical Unreviewed
CVE-2025-6949 was published Oct 17, 2025
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-11900 was published Oct 17, 2025
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability,... Critical Unreviewed
CVE-2025-11899 was published Oct 17, 2025
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security... Critical Unreviewed
CVE-2025-6950 was published Oct 17, 2025
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Critical Unreviewed
CVE-2025-6893 was published Oct 17, 2025
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of... Critical Unreviewed
CVE-2025-11492 was published Oct 16, 2025
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
kiwi865
Credited to kiwi865
PrestaShop Checkout allows customer account takeover via email Critical
CVE-2025-61922 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials... Critical Unreviewed
CVE-2025-34516 was published Oct 16, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection... Critical Unreviewed
CVE-2025-34513 was published Oct 16, 2025
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary... Critical Unreviewed
CVE-2025-34515 was published Oct 16, 2025
Due to an insufficient access control implementation in multiple WSO2 Products, authentication... Critical Unreviewed
CVE-2025-10611 was published Oct 16, 2025
An improper privilege management vulnerability exists in WSO2 API Manager due to missing... Critical Unreviewed
CVE-2025-9152 was published Oct 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database