Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,774 advisories

Loading
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-4607 was published May 31, 2025
A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If... Critical Unreviewed
CVE-2025-2500 was published May 30, 2025
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed
CVE-2025-48757 was published May 30, 2025
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed
CVE-2025-44619 was published May 30, 2025
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. ... Critical Unreviewed
CVE-2020-36846 was published May 30, 2025
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to... Critical Unreviewed
CVE-2025-1907 was published May 30, 2025
The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and... Critical Unreviewed
CVE-2025-46352 was published May 30, 2025
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even... Critical Unreviewed
CVE-2025-41438 was published May 30, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4.... Critical Unreviewed
CVE-2025-31263 was published May 30, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4,... Critical Unreviewed
CVE-2025-30466 was published May 30, 2025
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object... Critical Unreviewed
CVE-2025-48336 was published May 29, 2025
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed
CVE-2025-4967 was published May 29, 2025
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses... Critical Unreviewed
CVE-2023-41591 was published May 29, 2025
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded... Critical Unreviewed
CVE-2025-48748 was published May 29, 2025
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi... Critical Unreviewed
CVE-2025-3755 was published May 29, 2025
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03... Critical Unreviewed
CVE-2025-48749 was published May 28, 2025
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-45343 was published May 28, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to... Critical Unreviewed
CVE-2025-3357 was published May 28, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that... Critical Unreviewed
CVE-2025-5277 was published May 28, 2025
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` Critical
GHSA-phf6-hm3h-x8qp was published for broadinstitute/cromwell (GitHub Actions) May 28, 2025
darryk10 loresuso
AlbertoPellitteri
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6... Critical Unreviewed
CVE-2025-22252 was published May 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database