GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,558
Maven: 5,000+
npm: 4,232
NuGet: 751
pip: 4,001
Pub: 12
RubyGems: 953
Rust: 1,042
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
273,736 advisories
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6...
Severity: Moderate | Unreviewed | CVE-2025-36002 was published Oct 16, 2025
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality,...
Severity: Unknown | Unreviewed | CVE-2025-22381 was published Oct 16, 2025
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
Severity: Unknown | Unreviewed | CVE-2025-61540 was published Oct 16, 2025
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the...
Severity: Unknown | Unreviewed | CVE-2025-61536 was published Oct 16, 2025
Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality ...
Severity: Unknown | Unreviewed | CVE-2025-61541 was published Oct 16, 2025
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in...
Severity: Unknown | Unreviewed | CVE-2025-61539 was published Oct 16, 2025
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker...
Severity: Moderate | Unreviewed | CVE-2025-41254 was published Oct 16, 2025
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4...
Severity: Unknown | Unreviewed | CVE-2025-61543 was published Oct 16, 2025
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to...
Severity: High | Unreviewed | CVE-2025-41253 was published Oct 16, 2025
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of...
Severity: Moderate | Unreviewed | CVE-2025-11839 was published Oct 16, 2025
An insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11...
Severity: Moderate | Unreviewed | CVE-2025-46752 was published Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ...
Severity: Moderate | Unreviewed | CVE-2025-53951 was published Oct 16, 2025
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in...
Severity: Moderate | Unreviewed | CVE-2025-53950 was published Oct 16, 2025
Due to an insufficient access control implementation in multiple WSO2 Products, authentication...
Severity: Critical | Unreviewed | CVE-2025-10611 was published Oct 16, 2025
An improper privilege management vulnerability exists in WSO2 API Manager due to missing...
Severity: Critical | Unreviewed | CVE-2025-9152 was published Oct 16, 2025
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to...
Severity: Moderate | Unreviewed | CVE-2025-9955 was published Oct 16, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ...
Severity: High | Unreviewed | CVE-2025-54658 was published Oct 16, 2025
An improper access control vulnerability exists in multiple WSO2 products due to insufficient...
Severity: Critical | Unreviewed | CVE-2025-9804 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow...
Severity: Moderate | Unreviewed | CVE-2025-55072 was published Oct 16, 2025
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the...
Severity: Moderate | Unreviewed | CVE-2025-3930 was published Oct 16, 2025
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which...
Severity: Critical | Unreviewed | CVE-2025-6338 was published Oct 16, 2025
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9...
Severity: Moderate | Unreviewed | CVE-2025-58079 was published Oct 16, 2025
desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an...
Severity: Moderate | Unreviewed | CVE-2025-58426 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow...
Severity: Moderate | Unreviewed | CVE-2025-54859 was published Oct 16, 2025
Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow...
Severity: Moderate | Unreviewed | CVE-2025-54760 was published Oct 16, 2025
ProTip! Advisories are also available from the GraphQL API.