Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,682 advisories

Loading
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are... Critical Unreviewed
CVE-2025-54304 was published Dec 4, 2025
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are... Critical Unreviewed
CVE-2025-54303 was published Dec 4, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation... Critical Unreviewed
CVE-2024-45538 was published Dec 4, 2025
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial... Critical Unreviewed
CVE-2025-65868 was published Dec 3, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local... Critical Unreviewed
CVE-2025-64055 was published Dec 3, 2025
React Server Components are Vulnerable to RCE Critical
GHSA-fmh4-wr37-44fp was published for @vitejs/plugin-rsc (npm) Dec 3, 2025
React Server Components are Vulnerable to RCE Critical
CVE-2025-55182 was published for react-server-dom-parcel (npm) Dec 3, 2025
lachlan2k PiotrBorowski
nozo-moto leogasparini mtorp mnahkies mswilson AsapHogFtw
Credited to lachlan2k, PiotrBorowski, nozo-moto, leogasparini, mtorp, mnahkies, mswilson, and AsapHogFtw
Next.js is vulnerable to RCE in React flight protocol Critical
GHSA-9qr9-h5gf-34mp was published for next (npm) Dec 3, 2025
lachlan2k bytera
larskaare mswilson conorfitch tockn
Credited to lachlan2k, bytera, larskaare, mswilson, conorfitch, and tockn
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8... Critical Unreviewed
CVE-2025-34319 was published Dec 3, 2025
Step CA Has Authorization Bypass in ACME and SCEP Provisioners Critical
CVE-2025-44005 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar... Critical Unreviewed
CVE-2025-65267 was published Dec 3, 2025
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification... Critical Unreviewed
CVE-2025-13342 was published Dec 3, 2025
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions... Critical Unreviewed
CVE-2025-13390 was published Dec 3, 2025
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution... Critical Unreviewed
CVE-2025-13486 was published Dec 3, 2025
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13542 was published Dec 2, 2025
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without... Critical Unreviewed
CVE-2025-13510 was published Dec 2, 2025
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute... Critical Unreviewed
CVE-2025-13658 was published Dec 2, 2025
assyncmy is vulnerable to SQL injection via crafted dict keys Critical
CVE-2025-65896 was published for asyncmy (pip) Dec 2, 2025
code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the... Critical Unreviewed
CVE-2025-60736 was published Dec 2, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed
CVE-2025-58386 was published Dec 2, 2025
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend... Critical Unreviewed
CVE-2025-65656 was published Dec 2, 2025
Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via... Critical Unreviewed
CVE-2025-65358 was published Dec 2, 2025
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the... Critical Unreviewed
CVE-2025-60854 was published Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Critical Unreviewed
CVE-2025-59703 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database