GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,190 advisories
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows...
High
Unreviewed
CVE-2025-8279
was published
Jul 28, 2025
An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without...
Critical
Unreviewed
CVE-2025-30135
was published
Jul 25, 2025
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to...
Critical
Unreviewed
CVE-2014-125116
was published
Jul 25, 2025
A client-side remote code execution vulnerability exists in Samsung Security Manager versions 1...
High
Unreviewed
CVE-2016-15046
was published
Jul 25, 2025
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The...
High
Unreviewed
CVE-2013-10032
was published
Jul 25, 2025
The embedded web server on the thermostat listed version ranges contain a vulnerability that...
Critical
Unreviewed
CVE-2025-6260
was published
Jul 24, 2025
DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user...
High
Unreviewed
CVE-2025-48733
was published
Jul 23, 2025
Mattermost Missing Authentication for Critical Function
Moderate
CVE-2025-6226
was published for github.com/mattermost/mattermost-server (Go)
Jul 18, 2025
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by...
High
Unreviewed
CVE-2025-34119
was published
Jul 16, 2025
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station...
Critical
Unreviewed
CVE-2025-34121
was published
Jul 16, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2025-30762
was published
Jul 15, 2025
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior...
Critical
Unreviewed
CVE-2025-34104
was published
Jul 15, 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version...
Moderate
Unreviewed
CVE-2025-52089
was published
Jul 11, 2025
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services ...
High
Unreviewed
CVE-2025-53378
was published
Jul 10, 2025
An unauthenticated user with management network access can get and modify the Radiflow iSAP...
Critical
Unreviewed
CVE-2025-3498
was published
Jul 9, 2025
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to...
Critical
Unreviewed
CVE-2025-34085
was published
Jul 9, 2025
Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows...
Moderate
Unreviewed
CVE-2025-7031
was published
Jul 8, 2025
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows...
High
Unreviewed
CVE-2025-48814
was published
Jul 8, 2025
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application...
Critical
Unreviewed
CVE-2025-40736
was published
Jul 8, 2025
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an...
High
Unreviewed
CVE-2025-25268
was published
Jul 8, 2025
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110, v7.2.8.124852 ...
Critical
Unreviewed
CVE-2025-45814
was published
Jul 2, 2025
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with...
Critical
Unreviewed
CVE-2025-34071
was published
Jul 2, 2025
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default...
Critical
Unreviewed
CVE-2025-34069
was published
Jul 2, 2025
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5...
Critical
Unreviewed
CVE-2025-34070
was published
Jul 2, 2025
A flaw was found in the authentication enforcement mechanism of a model inference API in ai...
Moderate
Unreviewed
CVE-2025-6920
was published
Jul 1, 2025