Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,803 advisories

Loading
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by... Critical Unreviewed
CVE-2025-5622 was published Jun 5, 2025
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This... Critical Unreviewed
CVE-2025-5623 was published Jun 5, 2025
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu... Critical Unreviewed
CVE-2025-5600 was published Jun 4, 2025
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure ... Critical Unreviewed
CVE-2025-20286 was published Jun 4, 2025
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve... Critical Unreviewed
CVE-2025-5598 was published Jun 4, 2025
Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows... Critical Unreviewed
CVE-2025-5597 was published Jun 4, 2025
This vulnerability allows the successful attacker to gain unauthorized access to a configuration... Critical Unreviewed
CVE-2024-13967 was published Jun 4, 2025
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a... Critical Unreviewed
CVE-2025-4578 was published Jun 4, 2025
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2025-49223 was published Jun 4, 2025
An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads... Critical Unreviewed
CVE-2025-23097 was published Jun 3, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... Critical Unreviewed
CVE-2025-25022 was published Jun 3, 2025
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result... Critical Unreviewed
CVE-2025-32106 was published Jun 3, 2025
A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an... Critical Unreviewed
CVE-2025-32105 was published Jun 3, 2025
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to... Critical Unreviewed
CVE-2025-44148 was published Jun 3, 2025
An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1... Critical Unreviewed
CVE-2025-45854 was published Jun 3, 2025
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ... Critical Unreviewed
CVE-2024-12718 was published Jun 3, 2025
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter... Critical Unreviewed
CVE-2025-4517 was published Jun 3, 2025
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4797 was published Jun 3, 2025
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length... Critical Unreviewed
CVE-2025-23099 was published Jun 2, 2025
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020... Critical Unreviewed
CVE-2025-5086 was published Jun 2, 2025
An authentication bypass vulnerability exists in HPE StoreOnce Software. Critical Unreviewed
CVE-2025-37093 was published Jun 2, 2025
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama... Critical Unreviewed
CVE-2025-1750 was published Jun 2, 2025
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower... Critical Unreviewed
CVE-2025-0324 was published Jun 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database