Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

110,097 advisories

Loading
Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa... High Unreviewed
CVE-2025-51628 was published Aug 5, 2025
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of... High Unreviewed
CVE-2025-54254 was published Aug 5, 2025
Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker... High Unreviewed
CVE-2025-7674 was published Aug 5, 2025
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force... High Unreviewed
CVE-2025-7033 was published Aug 5, 2025
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force... High Unreviewed
CVE-2025-7025 was published Aug 5, 2025
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force... High Unreviewed
CVE-2025-7032 was published Aug 5, 2025
Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder High
CVE-2025-54801 was published for github.com/gofiber/fiber/v2 (Go) Aug 5, 2025
anuraagbaishya
mcp-package-docs vulnerable to command injection in several tools High
CVE-2025-54073 was published for mcp-package-docs (npm) Aug 5, 2025
dellalibera
The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-7050 was published Aug 5, 2025
A low privileged local attacker can interact with the affected service although user-interaction... High Unreviewed
CVE-2025-41698 was published Aug 5, 2025
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-6207 was published Aug 5, 2025
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to... High Unreviewed
CVE-2025-5061 was published Aug 5, 2025
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a... High Unreviewed
CVE-2025-27211 was published Aug 5, 2025
CyberGhostVPNSetup.exe (Windows installer) is signed using the weak cryptographic hash algorithm... High Unreviewed
CVE-2025-51726 was published Aug 4, 2025
Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with... High Unreviewed
CVE-2025-53394 was published Aug 4, 2025
Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code... High Unreviewed
CVE-2025-53395 was published Aug 4, 2025
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An... High Unreviewed
CVE-2025-38741 was published Aug 4, 2025
Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch... High Unreviewed
CVE-2025-21120 was published Aug 4, 2025
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded... High Unreviewed
CVE-2025-26476 was published Aug 4, 2025
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API... High Unreviewed
CVE-2025-44957 was published Aug 4, 2025
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation... High Unreviewed
CVE-2013-10052 was published Aug 4, 2025
RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain... High Unreviewed
CVE-2025-44960 was published Aug 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database