GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,819
Erlang: 36
GitHub Actions: 32
Go: 2,410
Maven: 5,000+
npm: 4,046
NuGet: 723
pip: 3,842
Pub: 12
RubyGems: 933
Rust: 1,003
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
884 advisories

A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7...
Critical | Unreviewed | CVE-2025-34044 was published Jun 26, 2025

An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware...
Critical | Unreviewed | CVE-2025-34042 was published Jun 26, 2025

pbkdf2 silently disregards Uint8Array input, returning static keys
Critical | CVE-2025-6547 was published for pbkdf2 (npm) Jun 23, 2025

pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical | CVE-2025-6545 was published for pbkdf2 (npm) Jun 23, 2025

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system...
Critical | Unreviewed | CVE-2025-25038 was published Jun 20, 2025

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot...
Critical | Unreviewed | CVE-2025-34030 was published Jun 20, 2025

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and...
Critical | Unreviewed | CVE-2025-34024 was published Jun 20, 2025

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an...
Critical | Unreviewed | CVE-2024-1244 was published Jun 11, 2025

GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical | CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025

An improper input validation discovered in Avaya Call Management System could allow an...
Critical | Unreviewed | CVE-2025-1041 was published Jun 10, 2025

Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve...
Critical | Unreviewed | CVE-2025-41377 was published May 23, 2025

Gardener allows bypassing project secret validation which can lead to privilege escalation
Critical | CVE-2025-47283 was published for github.com/gardener/gardener (Go) May 19, 2025

Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation
Critical | CVE-2025-47282 was published for github.com/gardener/external-dns-management (Go) May 19, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-43559 was published May 13, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-43560 was published May 13, 2025

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that...
Critical | Unreviewed | CVE-2025-1087 was published May 9, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments...
Critical | Unreviewed | CVE-2025-32079 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows...
Critical | Unreviewed | CVE-2025-32073 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll...
Critical | Unreviewed | CVE-2025-32070 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth...
Critical | Unreviewed | CVE-2025-32067 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata...
Critical | Unreviewed | CVE-2025-32071 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media...
Critical | Unreviewed | CVE-2025-32069 was published Apr 11, 2025

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-24446 was published Apr 8, 2025

Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical | CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS...
Critical | Unreviewed | CVE-2025-30452 was published Apr 1, 2025

ProTip! Advisories are also available from the GraphQL API