Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,981 advisories

Loading
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution ... High Unreviewed
CVE-2025-60801 was published Oct 24, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact... Moderate Unreviewed
CVE-2025-54964 was published Oct 23, 2025
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the... Critical Unreviewed
CVE-2025-58428 was published Oct 23, 2025
A high privileged remote attacker can influence the parameters passed to the openssl command due... Low Unreviewed
CVE-2025-41721 was published Oct 22, 2025
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled... Moderate Unreviewed
CVE-2025-56799 was published Oct 21, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code... Moderate Unreviewed
CVE-2025-57521 was published Oct 21, 2025
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command... Critical Unreviewed
CVE-2025-10020 was published Oct 21, 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability... Moderate Unreviewed
CVE-2025-62696 was published Oct 21, 2025
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update... Moderate Unreviewed
CVE-2025-60855 was published Oct 16, 2025
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows... Moderate Unreviewed
CVE-2025-61514 was published Oct 16, 2025
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a... Moderate Unreviewed
CVE-2025-58132 was published Oct 15, 2025
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages High
CVE-2025-34267 was published for flowise (npm) Oct 14, 2025
A vulnerability in the web-based management interface of network access point configuration... High Unreviewed
CVE-2025-37146 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37133 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller... High Unreviewed
CVE-2025-37134 was published Oct 14, 2025
An authenticated command injection vulnerability exists in the command line interface binary of... Moderate Unreviewed
CVE-2025-37138 was published Oct 14, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function... Moderate Unreviewed
CVE-2025-11665 was published Oct 13, 2025
An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of... Moderate Unreviewed
CVE-2025-60268 was published Oct 10, 2025
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code... Moderate Unreviewed
CVE-2025-60838 was published Oct 10, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59272 was published Oct 9, 2025
M365 Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59252 was published Oct 9, 2025
Copilot Spoofing Vulnerability Moderate Unreviewed
CVE-2025-59286 was published Oct 9, 2025
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart... Moderate Unreviewed
CVE-2025-56426 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database