GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
108,893 advisories
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized...
High | Unreviewed | CVE-2025-5692 was published Jul 2, 2025
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non...
High | Unreviewed | CVE-2025-36630 was published Jul 2, 2025
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High | Unreviewed | CVE-2025-49741 was published Jul 2, 2025
@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix
High | CVE-2025-53110 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling
High | CVE-2025-53109 was published for @modelcontextprotocol/server-filesystem (npm) Jul 1, 2025
YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communications, possibly...
High | Unreviewed | CVE-2025-45080 was published Jul 1, 2025
Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.
High | Unreviewed | CVE-2025-45081 was published Jul 1, 2025
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting...
High | Unreviewed | CVE-2025-6297 was published Jul 1, 2025
Pillow vulnerability can cause write buffer overflow on BCn encoding
High | CVE-2025-48379 was published for pillow (pip) Jul 1, 2025
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
High | Unreviewed | CVE-2025-37098 was published Jul 1, 2025
An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due...
High | Unreviewed | CVE-2025-34066 was published Jul 1, 2025
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an...
High | Unreviewed | CVE-2025-37097 was published Jul 1, 2025
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809...
High | Unreviewed | CVE-2025-6953 was published Jul 1, 2025
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote...
High | Unreviewed | CVE-2025-34058 was published Jul 1, 2025
An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management...
High | Unreviewed | CVE-2025-34059 was published Jul 1, 2025
Out-of-bounds write in ASR180x in lte-telephony, may cause a buffer underrun. This...
High | Unreviewed | CVE-2025-49492 was published Jul 1, 2025
Out-of-bounds access in ASR180x, ASR190x in lte-telephony. This vulnerability is associated...
High | Unreviewed | CVE-2025-49480 was published Jul 1, 2025
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615....
High | Unreviewed | CVE-2025-6939 was published Jul 1, 2025
A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected...
High | Unreviewed | CVE-2025-6940 was published Jul 1, 2025
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform...
High | Unreviewed | CVE-2025-6554 was published Jul 1, 2025
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git...
High | Unreviewed | CVE-2025-49521 was published Jun 30, 2025
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are...
High | Unreviewed | CVE-2025-49520 was published Jun 30, 2025
Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by...
High | Unreviewed | CVE-2025-36593 was published Jun 30, 2025
Graylog vulnerable to privilege escalation through API tokens
High | CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
@cyanheads/git-mcp-server vulnerable to command injection in several tools
High | CVE-2025-53107 was published for @cyanheads/git-mcp-server (npm) Jun 30, 2025
ProTip! Advisories are also available from the GraphQL API.