GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,743
Erlang: 35
GitHub Actions: 29
Go: 2,318
Maven: 5,000+
npm: 3,950
NuGet: 711
pip: 3,730
Pub: 12
RubyGems: 920
Rust: 965
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,485 advisories
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user...
Critical
Unreviewed
CVE-2025-24859 was published Apr 14, 2025
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter...
Critical
Unreviewed
CVE-2025-4517 was published Jun 3, 2025
An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary...
Critical
Unreviewed
CVE-2024-23741 was published Jan 28, 2024
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions ...
Critical
Unreviewed
CVE-2024-12718 was published Jun 3, 2025
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical
Unreviewed
CVE-2023-51812 was published Jan 4, 2024
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical
Unreviewed
CVE-2021-42949 was published Sep 17, 2022
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation...
Critical
Unreviewed
CVE-2022-39008 was published Sep 17, 2022
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result...
Critical
Unreviewed
CVE-2025-32106 was published Jun 3, 2025
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to...
Critical
Unreviewed
CVE-2025-44148 was published Jun 3, 2025
A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an...
Critical
Unreviewed
CVE-2025-32105 was published Jun 3, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0...
Critical
Unreviewed
CVE-2025-25022 was published Jun 3, 2025
An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1...
Critical
Unreviewed
CVE-2025-45854 was published Jun 3, 2025
The location module has a vulnerability of bypassing permission verification. Successful...
Critical
Unreviewed
CVE-2022-39007 was published Sep 17, 2022
The router console is accessible without authentication at "data" field, and while a user needs...
Critical
Unreviewed
CVE-2023-49255 was published Jan 12, 2024
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE)...
Critical
Unreviewed
CVE-2023-52031 was published Jan 11, 2024
The WLAN module has a vulnerability in permission verification. Successful exploitation of this...
Critical
Unreviewed
CVE-2022-39009 was published Sep 17, 2022
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5...
Critical
Unreviewed
CVE-2023-39336 was published Jan 9, 2024
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because...
Critical
Unreviewed
CVE-2023-50982 was published Jan 8, 2024
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.
Critical
Unreviewed
CVE-2022-48620 was published Jan 12, 2024
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege...
Critical
Unreviewed
CVE-2025-4797 was published Jun 3, 2025
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length...
Critical
Unreviewed
CVE-2025-23099 was published Jun 2, 2025
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via...
Critical
Unreviewed
CVE-2023-48842 was published Dec 1, 2023
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check....
Critical
Unreviewed
CVE-2025-20672 was published Jun 2, 2025
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission...
Critical
Unreviewed
CVE-2025-20674 was published Jun 2, 2025
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in...
Critical
Unreviewed
CVE-2022-1609 was published Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API.