Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,730
Erlang
35
GitHub Actions
29
Go
2,307
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,759 advisories

Loading
vLLM Vulnerable to Remote Code Execution via Mooncake Integration Critical
CVE-2025-32444 was published for vllm (pip) Apr 29, 2025
kexinoh ShangmingCai
russellb
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
There is elevation of privilege. Critical Unreviewed
CVE-2023-21216 was published Dec 5, 2023
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s... Critical Unreviewed
CVE-2025-48047 was published May 29, 2025
Microsoft Outlook Remote Code Execution Vulnerability Critical Unreviewed
CVE-2024-21413 was published Feb 13, 2024
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. Critical Unreviewed
CVE-2022-41138 was published Sep 21, 2022
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to... Critical Unreviewed
CVE-2017-20148 was published Sep 21, 2022
A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap... Critical Unreviewed
CVE-2025-32911 was published Apr 15, 2025
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi... Critical Unreviewed
CVE-2025-3755 was published May 29, 2025
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed
CVE-2022-23126 was published Jan 25, 2022
Apache Ranger UI vulnerable to Server Side Request Forgery Critical
CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
Netwrix Password Secure 9.2.0.32454 allows OS command injection. Critical Unreviewed
CVE-2025-26817 was published Apr 3, 2025
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student... Critical Unreviewed
CVE-2023-41505 was published Mar 13, 2024
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03... Critical Unreviewed
CVE-2025-48749 was published May 28, 2025
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary... Critical Unreviewed
CVE-2024-51360 was published May 23, 2025
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution Critical
CVE-2025-32434 was published for pytorch (pip) Apr 18, 2025
azraelxuemo
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
Apache Pinot has Groovy Function support enabled by default Critical
CVE-2022-26112 was published for org.apache.pinot:pinot (Maven) Sep 25, 2022
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-45343 was published May 28, 2025
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection Critical
CVE-2024-11958 was published for llama-index-retrievers-duckdb-retriever (pip) Mar 20, 2025
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that... Critical Unreviewed
CVE-2025-5277 was published May 28, 2025
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to... Critical Unreviewed
CVE-2025-3357 was published May 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-2812 was published May 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database