GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26,057 advisories
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0...
Critical | Unreviewed | CVE-2025-37099 was published Jul 1, 2025
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent...
Critical | Unreviewed | CVE-2025-34064 was published Jul 1, 2025
A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum...
Critical | Unreviewed | CVE-2025-34060 was published Jul 1, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom...
Critical | Unreviewed | CVE-2025-49029 was published Jul 1, 2025
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi...
Critical | Unreviewed | CVE-2025-34054 was published Jul 1, 2025
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the...
Critical | Unreviewed | CVE-2025-34055 was published Jul 1, 2025
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the...
Critical | Unreviewed | CVE-2025-34056 was published Jul 1, 2025
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1...
Critical | Unreviewed | CVE-2025-34063 was published Jul 1, 2025
An unauthenticated remote attacker can bypass the login to the web application of the affected...
Critical | Unreviewed | CVE-2025-41648 was published Jul 1, 2025
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high...
Critical | Unreviewed | CVE-2025-41656 was published Jul 1, 2025
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the...
Critical | Unreviewed | CVE-2025-6934 was published Jul 1, 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a...
Critical | Unreviewed | CVE-2025-32463 was published Jun 30, 2025
Conductor vulnerable to OS command injection through unrestricted access to Java classes
Critical | CVE-2025-26074 was published for org.conductoross:conductor-core (Maven) Jun 30, 2025
An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to...
Critical | Unreviewed | CVE-2025-45931 was published Jun 30, 2025
Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206...
Critical | Unreviewed | CVE-2025-24290 was published Jun 29, 2025
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has...
Critical | Unreviewed | CVE-2025-53391 was published Jun 29, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Critical | CVE-2025-32897 was published for org.apache.seata:seata-config-core (Maven) Jun 28, 2025
The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to...
Critical | Unreviewed | CVE-2025-5304 was published Jun 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-12150 was published Jun 27, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-12143 was published Jun 27, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-11739 was published Jun 27, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2024-12364 was published Jun 27, 2025
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated...
Critical | Unreviewed | CVE-2025-5310 was published Jun 27, 2025
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a...
Critical | Unreviewed | CVE-2025-52207 was published Jun 27, 2025
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This...
Critical | Unreviewed | CVE-2025-53314 was published Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API.