Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,645 advisories

Loading
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute... Critical Unreviewed
CVE-2025-61168 was published Nov 25, 2025
cggmp21 has a missing check in the ZK proof used in CGGMP21 Critical
CVE-2025-66016 was published for cggmp21 (Rust) Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged... Critical Unreviewed
CVE-2025-33187 was published Nov 25, 2025
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers... Critical Unreviewed
CVE-2025-63729 was published Nov 25, 2025
Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18... Critical Unreviewed
CVE-2025-60739 was published Nov 25, 2025
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by... Critical Unreviewed
CVE-2025-59366 was published Nov 25, 2025
Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow... Critical Unreviewed
CVE-2025-64693 was published Nov 25, 2025
Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow... Critical Unreviewed
CVE-2025-62691 was published Nov 25, 2025
The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,... Critical Unreviewed
CVE-2025-13559 was published Nov 25, 2025
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions... Critical Unreviewed
CVE-2025-6389 was published Nov 25, 2025
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper... Critical Unreviewed
CVE-2025-9803 was published Nov 25, 2025
A Directory Traversal vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54347 was published Nov 25, 2025
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to... Critical Unreviewed
CVE-2024-47856 was published Nov 25, 2025
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction Critical
GHSA-rj4j-2jph-gg43 was published for github.com/lf-edge/ekuiper/v2 (Go) Nov 24, 2025
odaysec ptrgits
Credited to odaysec and ptrgits
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR... Critical Unreviewed
CVE-2018-25126 was published Nov 24, 2025
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi... Critical Unreviewed
CVE-2023-7330 was published Nov 24, 2025
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (... Critical Unreviewed
CVE-2025-63958 was published Nov 24, 2025
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs... Critical Unreviewed
CVE-2025-12977 was published Nov 24, 2025
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their... Critical Unreviewed
CVE-2025-11921 was published Nov 24, 2025
Grafana Incorrect Privilege Assignment vulnerability Critical
CVE-2025-41115 was published for github.com/grafana/grafana (Go) Nov 21, 2025
cdupuis
Credited to cdupuis
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9... Critical Unreviewed
CVE-2025-11127 was published Nov 21, 2025
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-11456 was published Nov 21, 2025
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict... Critical Unreviewed
CVE-2025-64310 was published Nov 21, 2025
Azure Bastion Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-49752 was published Nov 21, 2025
Microsoft SharePoint Online Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59245 was published Nov 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database