GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,951
  Erlang: 39
  GitHub Actions: 38
  Go: 2,607
  Maven: 5,000+
  npm: 4,251
  NuGet: 757
  pip: 4,017
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
27,285 advisories
Code Injection in PHPUnit
  Critical | CVE-2017-9841 was published for phpunit/phpunit (Composer) | Mar 26, 2022
Deserialization of Untrusted Data in Jenkins
  Critical | CVE-2017-1000353 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Drupal Core Remote Code Execution Vulnerability
  Critical | CVE-2018-7600 was published for drupal/core (Composer) | May 14, 2022
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017,...
  Critical | Unreviewed | CVE-2025-60772 was published | Oct 21, 2025
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4...
  Critical | Unreviewed | CVE-2025-25734 was published | Aug 26, 2025
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an...
  Critical | Unreviewed | CVE-2025-40657 was published | Jun 10, 2025
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on...
  Critical | Unreviewed | CVE-2025-57870 was published | Oct 22, 2025
AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection...
  Critical | Unreviewed | CVE-2016-15048 was published | Oct 22, 2025
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
  Critical | Unreviewed | CVE-2025-56447 was published | Oct 22, 2025
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST...
  Critical | Unreviewed | CVE-2025-61757 was published | Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
  Critical | Unreviewed | CVE-2025-53037 was published | Oct 21, 2025
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an...
  Critical | Unreviewed | CVE-2025-41108 was published | Oct 22, 2025
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated...
  Critical | Unreviewed | CVE-2025-41723 was published | Oct 22, 2025
GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
  Critical | Unreviewed | CVE-2014-6271 was published | May 13, 2022
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or...
  Critical | Unreviewed | CVE-2014-6287 was published | May 13, 2022
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:...
  Critical | Unreviewed | CVE-2025-61882 was published | Oct 5, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,...
  Critical | Unreviewed | CVE-2025-20337 was published | Jul 16, 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used,...
  Critical | Unreviewed | CVE-2025-54309 was published | Jul 18, 2025
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes,...
  Critical | Unreviewed | CVE-2025-47812 was published | Jul 10, 2025
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor...
  Critical | Unreviewed | CVE-2025-10035 was published | Sep 19, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,...
  Critical | Unreviewed | CVE-2025-20281 was published | Jun 26, 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection')...
  Critical | Unreviewed | CVE-2025-25257 was published | Jul 17, 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a...
  Critical | Unreviewed | CVE-2025-32463 was published | Jun 30, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration...
  Critical | Unreviewed | CVE-2025-54253 was published | Aug 5, 2025
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an...
  Critical | Unreviewed | CVE-2025-53770 was published | Jul 20, 2025
ProTip! Advisories are also available from the GraphQL API