Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

918 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab... Critical Unreviewed
CVE-2021-22205 was published May 24, 2022
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers... Critical Unreviewed
CVE-2018-20062 was published May 13, 2022
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x... Critical Unreviewed
CVE-2017-15944 was published May 13, 2022
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2... Critical Unreviewed
CVE-2018-0125 was published May 13, 2022
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute... Critical Unreviewed
CVE-2017-6316 was published May 17, 2022
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and... Critical Unreviewed
CVE-2017-3881 was published May 13, 2022
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP... Critical Unreviewed
CVE-2025-8414 was published Oct 17, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
qdrant input validation failure Critical
CVE-2024-3829 was published for qdrant-client (pip) Jun 3, 2024
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version... Critical Unreviewed
CVE-2025-34111 was published Jul 15, 2025
An improper input validation vulnerability was discovered in Avaya IP Office that could allow... Critical Unreviewed
CVE-2024-4196 was published Jun 25, 2024
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices... Critical Unreviewed
CVE-2014-125117 was published Jul 25, 2025
Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script... Critical Unreviewed
CVE-2025-57644 was published Sep 22, 2025
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34161 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch Critical
GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 withdrawn
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that... Critical Unreviewed
CVE-2025-1087 was published May 9, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page... Critical Unreviewed
CVE-2023-3710 was published Sep 12, 2023
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input... Critical Unreviewed
CVE-2024-45169 was published Aug 22, 2024
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing... Critical Unreviewed
CVE-2017-12184 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing... Critical Unreviewed
CVE-2017-12187 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database