Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,813 advisories

Loading
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5,... Critical Unreviewed
CVE-2022-32839 was published Aug 25, 2022
Windows Network File System Remote Code Execution Vulnerability. Critical Unreviewed
CVE-2022-34715 was published Aug 10, 2022
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object... Critical Unreviewed
CVE-2025-48336 was published May 29, 2025
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed
CVE-2025-4967 was published May 29, 2025
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted... Critical Unreviewed
CVE-2024-4180 was published Jun 4, 2024
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded... Critical Unreviewed
CVE-2025-48748 was published May 29, 2025
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for... Critical Unreviewed
CVE-2022-28321 was published Sep 20, 2022
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-51360 was published May 23, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
There is elevation of privilege. Critical Unreviewed
CVE-2023-21216 was published Dec 5, 2023
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
Microsoft Outlook Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-21413 was published Feb 13, 2024
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. Critical Unreviewed
CVE-2022-41138 was published Sep 21, 2022
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to... Critical Unreviewed
CVE-2017-20148 was published Sep 21, 2022
A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap... Critical Unreviewed
CVE-2025-32911 was published Apr 15, 2025
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi... Critical Unreviewed
CVE-2025-3755 was published May 29, 2025
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed
CVE-2022-23126 was published Jan 25, 2022
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed
CVE-2025-26817 was published Apr 3, 2025
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student... Critical Unreviewed
CVE-2023-41505 was published Mar 13, 2024
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03... Critical Unreviewed
CVE-2025-48749 was published May 28, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database