Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,580 advisories

Loading
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to... Critical Unreviewed
CVE-2025-66385 was published Nov 28, 2025
Permission control vulnerability in the memory management module. Impact: Successful exploitation... Critical Unreviewed
CVE-2025-64314 was published Nov 28, 2025
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12... Critical Unreviewed
CVE-2025-12421 was published Nov 27, 2025
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3... Critical Unreviewed
CVE-2025-12419 was published Nov 27, 2025
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool... Critical Unreviewed
CVE-2025-8890 was published Nov 27, 2025
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the... Critical Unreviewed
CVE-2025-12140 was published Nov 27, 2025
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-13539 was published Nov 27, 2025
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up... Critical Unreviewed
CVE-2025-13538 was published Nov 27, 2025
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13540 was published Nov 27, 2025
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and... Critical Unreviewed
CVE-2025-13675 was published Nov 27, 2025
Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based... Critical Unreviewed
CVE-2025-34351 was published Nov 27, 2025
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed
CVE-2024-5539 was published Nov 27, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are... Critical Unreviewed
CVE-2025-40934 was published Nov 27, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Improper neutralization of special elements used in an OS command ('command injection') in Cursor... Critical Unreviewed
CVE-2025-62354 was published Nov 26, 2025
An OS command injection vulnerability exists due to incomplete validation of user-supplied input... Critical Unreviewed
CVE-2025-64128 was published Nov 26, 2025
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied... Critical Unreviewed
CVE-2025-64127 was published Nov 26, 2025
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could... Critical Unreviewed
CVE-2025-64130 was published Nov 26, 2025
An OS command injection vulnerability exists due to improper input validation. The application... Critical Unreviewed
CVE-2025-64126 was published Nov 26, 2025
Apache Druid’s Kerberos authenticator uses a weak fallback secret Critical
CVE-2025-59390 was published for org.apache.druid:druid (Maven) Nov 26, 2025
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the ... Critical Unreviewed
CVE-2025-66266 was published Nov 26, 2025
Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66262 was published Nov 26, 2025
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p... Critical Unreviewed
CVE-2025-66253 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S... Critical Unreviewed
CVE-2025-66250 was published Nov 26, 2025
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni... Critical Unreviewed
CVE-2025-66255 was published Nov 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database