GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
132 advisories
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital...
Critical
Unreviewed
CVE-2025-56513
was published
Sep 30, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and...
High
Unreviewed
CVE-2025-34212
was published
Sep 29, 2025
The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code...
High
Unreviewed
CVE-2025-57431
was published
Sep 22, 2025
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary...
High
Unreviewed
CVE-2025-9319
was published
Sep 11, 2025
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air...
High
Unreviewed
CVE-2025-30199
was published
Sep 5, 2025
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An...
Critical
Unreviewed
CVE-2025-35115
was published
Aug 27, 2025
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL...
Moderate
Unreviewed
CVE-2024-47192
was published
Aug 26, 2025
A firmware update vulnerability exists in the Firmware Signature Validation functionality of...
High
Unreviewed
CVE-2025-31355
was published
Aug 20, 2025
The affected product allows firmware updates to be downloaded from EG4's website, transferred...
High
Unreviewed
CVE-2025-53520
was published
Aug 8, 2025
Download of code without integrity check vulnerability in AirPrint functionality in Synology...
High
Unreviewed
CVE-2024-39348
was published
Aug 7, 2025
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect...
Critical
Unreviewed
CVE-2025-53696
was published
Jul 28, 2025
The cross-browser document creation component developed by Digitware System Integration...
High
Unreviewed
CVE-2025-7620
was published
Jul 14, 2025
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This...
Low
Unreviewed
CVE-2025-52937
was published
Jun 23, 2025
Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A...
High
Unreviewed
CVE-2025-4648
was published
May 13, 2025
Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code...
Critical
Unreviewed
CVE-2025-28236
was published
Apr 18, 2025
The product can be used to distribute malicious code using SDD Device Drivers due to missing...
Critical
Unreviewed
CVE-2025-27593
was published
Mar 14, 2025
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to...
High
Unreviewed
CVE-2024-43169
was published
Mar 3, 2025
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware...
High
Unreviewed
CVE-2024-50696
was published
Feb 26, 2025
CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the...
High
Unreviewed
CVE-2025-1058
was published
Feb 13, 2025
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware...
High
Unreviewed
CVE-2024-52331
was published
Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It...
Low
Unreviewed
CVE-2024-42183
was published
Jan 23, 2025
The ventilator does not perform proper file integrity checks when adopting firmware updates. This...
Critical
Unreviewed
CVE-2024-48974
was published
Nov 15, 2024
An exploit is possible where an actor with physical access can manipulate SPI flash without being...
Moderate
Unreviewed
CVE-2024-33660
was published
Nov 12, 2024
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published for gradio (pip)
Oct 10, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling...
Critical
Unreviewed
CVE-2024-45321
was published
Aug 27, 2024