GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
918 advisories
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26...
Critical | Unreviewed | CVE-2025-43342 was published Sep 16, 2025

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute...
Critical | Unreviewed | CVE-2016-7406 was published May 17, 2022

GitPython vulnerable to Remote Code Execution due to improper user input validation
Critical | CVE-2022-24439 was published for GitPython (pip) Dec 6, 2022

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS...
Critical | Unreviewed | CVE-2025-30452 was published Apr 1, 2025

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows...
Critical | Unreviewed | CVE-2021-29921 was published May 24, 2022

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can...
Critical | Unreviewed | CVE-2024-35161 was published Jul 26, 2024

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure...
Critical | Unreviewed | CVE-2022-43515 was published Dec 5, 2022

Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical | CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022

sha.js is missing type checks leading to hash rewind and passing on crafted data
Critical | CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025

Multiple memory corruption issues were addressed with improved input validation. This issue is...
Critical | Unreviewed | CVE-2025-43234 was published Jul 30, 2025

An input validation issue was addressed with improved memory handling. This issue is fixed in...
Critical | Unreviewed | CVE-2025-31281 was published Jul 30, 2025

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS...
Critical | Unreviewed | CVE-2025-43347 was published Sep 16, 2025

cipher-base is missing type checks, leading to hash rewind and passing on crafted data
Critical | CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025

This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15...
Critical | Unreviewed | CVE-2025-43253 was published Jul 30, 2025

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the...
Critical | Unreviewed | CVE-2025-64385 was published Oct 31, 2025

HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web...
Critical | Unreviewed | CVE-2024-30110 was published Oct 30, 2025

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public...
Critical | Unreviewed | CVE-2025-61235 was published Oct 28, 2025

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload...
Critical | Unreviewed | CVE-2025-27224 was published Oct 27, 2025

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to...
Critical | Unreviewed | CVE-2025-34132 was published Jul 17, 2025

Magento Community Edition Improper Input Validation vulnerability
Critical | CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Critical | CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025

Code injection in Apache Struts
Critical | CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022

Apache Struts Remote Java Code Execution
Critical | CVE-2012-0391 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022

Magento improper input validation vulnerability
Critical | CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022

Remote code injection in Log4j
Critical | CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021

ProTip! Advisories are also available from the GraphQL API