GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,645 advisories
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password...
Critical
Unreviewed
CVE-2025-54321 was published Nov 18, 2025
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php...
Critical
Unreviewed
CVE-2025-63695 was published Nov 18, 2025
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager...
Critical
Unreviewed
CVE-2025-63994 was published Nov 18, 2025
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.
Critical
Unreviewed
CVE-2025-63694 was published Nov 18, 2025
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user...
Critical
Unreviewed
CVE-2025-56643 was published Nov 18, 2025
Eclipse Jersey has a Race Condition
Critical
CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation...
Critical
Unreviewed
CVE-2025-9312 was published Nov 18, 2025
An unauthenticated remote attacker can execute arbitrary PHP files and gain full access of the...
Critical
Unreviewed
CVE-2025-41734 was published Nov 18, 2025
The commissioning wizard on the affected devices does not validate if the device is already...
Critical
Unreviewed
CVE-2025-41733 was published Nov 18, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows...
Critical
Unreviewed
CVE-2025-41346 was published Nov 18, 2025
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious...
Critical
Unreviewed
CVE-2025-40549 was published Nov 18, 2025
A missing validation process exists in Serv-U when abused, could give a malicious actor with...
Critical
Unreviewed
CVE-2025-40548 was published Nov 18, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with...
Critical
Unreviewed
CVE-2025-40547 was published Nov 18, 2025
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in...
Critical
Unreviewed
CVE-2024-44659 was published Nov 17, 2025
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default...
Critical
Unreviewed
CVE-2025-63747 was published Nov 17, 2025
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the...
Critical
Unreviewed
CVE-2025-9501 was published Nov 17, 2025
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing...
Critical
Unreviewed
CVE-2025-13284 was published Nov 17, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no...
Critical
Unreviewed
CVE-2025-10460 was published Nov 17, 2025
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded...
Critical
Unreviewed
CVE-2025-58083 was published Nov 15, 2025
TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd...
Critical
Unreviewed
CVE-2021-4470 was published Nov 15, 2025
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code...
Critical
Unreviewed
CVE-2024-28988 was published Nov 15, 2025
AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical
CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
Critical
Unreviewed
CVE-2025-54339 was published Nov 14, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
Critical
Unreviewed
CVE-2025-54343 was published Nov 14, 2025
ProTip! Advisories are also available from the GraphQL API