Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,826 advisories

Loading
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi... Critical Unreviewed
CVE-2023-35835 was published Jan 24, 2024
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2023-51892 was published Jan 20, 2024
A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If... Critical Unreviewed
CVE-2025-2500 was published May 30, 2025
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through... Critical Unreviewed
CVE-2021-42147 was published Jan 24, 2024
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2023-51885 was published Jan 24, 2024
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed
CVE-2025-48757 was published May 30, 2025
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to... Critical Unreviewed
CVE-2025-1907 was published May 30, 2025
The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and... Critical Unreviewed
CVE-2025-46352 was published May 30, 2025
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even... Critical Unreviewed
CVE-2025-41438 was published May 30, 2025
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
decsecre583
Ansible fails to properly mark lookup-plugin results as unsafe Critical
CVE-2017-7481 was published for ansible (pip) Sep 6, 2018
decsecre583
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses... Critical Unreviewed
CVE-2023-41591 was published May 29, 2025
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects... Critical Unreviewed
CVE-2024-30223 was published Mar 28, 2024
Windows Network File System Remote Code Execution Vulnerability. Critical Unreviewed
CVE-2022-34715 was published Aug 10, 2022
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5,... Critical Unreviewed
CVE-2022-32839 was published Aug 25, 2022
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object... Critical Unreviewed
CVE-2025-48336 was published May 29, 2025
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the... Critical Unreviewed
CVE-2025-4967 was published May 29, 2025
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted... Critical Unreviewed
CVE-2024-4180 was published Jun 4, 2024
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded... Critical Unreviewed
CVE-2025-48748 was published May 29, 2025
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for... Critical Unreviewed
CVE-2022-28321 was published Sep 20, 2022
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-51360 was published May 23, 2025
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database