GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,876
Erlang: 37
GitHub Actions: 37
Go: 2,526
Maven: 5,000+
npm: 4,189
NuGet: 742
pip: 3,968
Pub: 12
RubyGems: 947
Rust: 1,030
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,997 advisories
In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code...
Critical • Unreviewed • CVE-2025-58384 was published Sep 26, 2025

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can...
Critical • Unreviewed • CVE-2025-55187 was published Sep 26, 2025

get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass
Critical • CVE-2025-59936 was published for get-jwks (npm) Sep 26, 2025

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a...
Critical • Unreviewed • CVE-2025-60156 was published Sep 26, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer...
Critical • Unreviewed • CVE-2025-60219 was published Sep 26, 2025

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system...
Critical • Unreviewed • CVE-2025-59815 was published Sep 25, 2025

This vulnerability allows attackers to execute arbitrary commands on the underlying system....
Critical • Unreviewed • CVE-2025-59817 was published Sep 25, 2025

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and...
Critical • Unreviewed • CVE-2025-59814 was published Sep 25, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical • Unreviewed • CVE-2025-11005 was published Sep 25, 2025

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA)...
Critical • Unreviewed • CVE-2025-20363 was published Sep 25, 2025

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA)...
Critical • Unreviewed • CVE-2025-20333 was published Sep 25, 2025

Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Critical • CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025

cors-anywhere vulnerable to server-side request forgery
Critical • CVE-2020-36851 was published for cors-anywhere (npm) Sep 25, 2025

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within...
Critical • Unreviewed • CVE-2025-10542 was published Sep 25, 2025

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11...
Critical • Unreviewed • CVE-2025-54943 was published Sep 25, 2025

An external control of file name or path vulnerability in SUNNET Corporate Training Management...
Critical • Unreviewed • CVE-2025-54945 was published Sep 25, 2025

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows...
Critical • Unreviewed • CVE-2025-54946 was published Sep 25, 2025

A missing authentication for critical function vulnerability in SUNNET Corporate Training...
Critical • Unreviewed • CVE-2025-54942 was published Sep 25, 2025

Duplicate Advisory: Malicious versions of Nx were published
Critical • GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 • withdrawn

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within...
Critical • Unreviewed • CVE-2025-57347 was published Sep 24, 2025

Command Injection in adb-mcp MCP Server
Critical • CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
Critical • Unreviewed • CVE-2025-52906 was published Sep 24, 2025

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT...
Critical • Unreviewed • CVE-2025-56819 was published Sep 24, 2025

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote...
Critical • Unreviewed • CVE-2025-10890 was published Sep 24, 2025

Memory corruption when the UE receives an RTP packet from the network, during the reassembly of...
Critical • Unreviewed • CVE-2025-21483 was published Sep 24, 2025

ProTip! Advisories are also available from the GraphQL API.