Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26,421 advisories

Loading
The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2025-7710 was published Aug 2, 2025
Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the... Critical Unreviewed
CVE-2025-50870 was published Aug 1, 2025
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the... Critical Unreviewed
CVE-2013-10060 was published Aug 1, 2025
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows... Critical Unreviewed
CVE-2013-10047 was published Aug 1, 2025
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300... Critical Unreviewed
CVE-2013-10048 was published Aug 1, 2025
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and... Critical Unreviewed
CVE-2013-10055 was published Aug 1, 2025
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically... Critical Unreviewed
CVE-2013-10049 was published Aug 1, 2025
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to... Critical Unreviewed
CVE-2013-10051 was published Aug 1, 2025
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration Critical
CVE-2025-6000 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers Critical
CVE-2025-54782 was published for @nestjs/devtools-integration (npm) Aug 1, 2025
JLLeitschuh
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection... Critical Unreviewed
CVE-2025-52390 was published Aug 1, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through... Critical Unreviewed
CVE-2025-50472 was published Aug 1, 2025
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve... Critical Unreviewed
CVE-2025-41377 was published May 23, 2025
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... Critical Unreviewed
CVE-2025-41370 was published Aug 1, 2025
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1... Critical Unreviewed
CVE-2025-41371 was published Aug 1, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,... Critical Unreviewed
CVE-2025-8454 was published Aug 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5954 was published Aug 1, 2025
Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line... Critical Unreviewed
CVE-2025-8286 was published Jul 31, 2025
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to... Critical Unreviewed
CVE-2025-26063 was published Jul 31, 2025
An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated... Critical Unreviewed
CVE-2025-26062 was published Jul 31, 2025
num2words subjected to phishing attack, two versions published containing malware Critical
GHSA-jxr6-qrxx-2ph2 was published for num2words (pip) Jul 31, 2025
An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6,... Critical Unreviewed
CVE-2025-50475 was published Jul 31, 2025
An input validation issue was addressed with improved memory handling. This issue is fixed in... Critical Unreviewed
CVE-2025-31281 was published Jul 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database