Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,777 advisories

Loading
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Critical Unreviewed
CVE-2025-40908 was published Jun 1, 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by... Critical Unreviewed
CVE-2025-49113 was published Jun 2, 2025
A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL... Critical Unreviewed
CVE-2025-5408 was published Jun 2, 2025
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-4607 was published May 31, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. ... Critical Unreviewed
CVE-2020-36846 was published May 30, 2025
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed
CVE-2025-44619 was published May 30, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.4,... Critical Unreviewed
CVE-2025-30466 was published May 30, 2025
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4.... Critical Unreviewed
CVE-2025-31263 was published May 30, 2025
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Critical Unreviewed
CVE-2022-40674 was published Sep 15, 2022
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c... Critical Unreviewed
CVE-2022-37434 was published Aug 6, 2022
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation,... Critical Unreviewed
CVE-2024-6366 was published Jul 29, 2024
An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external... Critical Unreviewed
CVE-2023-28152 was published Mar 24, 2023
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery ... Critical Unreviewed
CVE-2021-31531 was published May 24, 2022
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take... Critical Unreviewed
CVE-2020-26167 was published May 24, 2022
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. Critical Unreviewed
CVE-2019-3905 was published May 14, 2022
An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external... Critical Unreviewed
CVE-2023-28150 was published Mar 25, 2023
An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML... Critical Unreviewed
CVE-2023-28151 was published Mar 24, 2023
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL... Critical Unreviewed
CVE-2022-34909 was published Feb 27, 2023
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS... Critical Unreviewed
CVE-2022-26776 was published May 27, 2022
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi... Critical Unreviewed
CVE-2023-35835 was published Jan 24, 2024
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2023-51892 was published Jan 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database