Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,685
Maven
5,000+
npm
4,318
NuGet
760
pip
4,092
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed
CVE-2025-55343 was published Nov 5, 2025
Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output... Critical Unreviewed
CVE-2025-8276 was published Sep 16, 2025
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed
CVE-2025-56266 was published Sep 8, 2025
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center... Critical Unreviewed
CVE-2025-20265 was published Aug 14, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20337 was published Jul 16, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20281 was published Jun 26, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
Credited to xbow-security
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39784 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39785 was published Jan 14, 2025
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed
CVE-2024-39604 was published Jan 14, 2025
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed
CVE-2024-34544 was published Jan 14, 2025
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-36295 was published Jan 14, 2025
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed
CVE-2024-21797 was published Jan 14, 2025
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It... Critical Unreviewed
CVE-2024-10914 was published Nov 6, 2024
DataEase's H2 datasource has a remote command execution risk Critical
CVE-2024-46997 was published for io.dataease:common (Maven) Sep 23, 2024
flylzj
Credited to flylzj
A host header injection vulnerability exists in the forgot password functionality of ArrowCMS... Critical Unreviewed
CVE-2024-42914 was published Aug 23, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39227 was published Aug 6, 2024
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR)... Critical Unreviewed
CVE-2024-40324 was published Jul 25, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows... Critical Unreviewed
CVE-2024-39704 was published Jul 3, 2024
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Critical Unreviewed
CVE-2024-39243 was published Jun 26, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)... Critical Unreviewed
CVE-2024-37759 was published Jun 24, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database