Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,335 advisories

Loading
Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows... Critical Unreviewed
CVE-2025-60238 was published Oct 22, 2025
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection... Critical Unreviewed
CVE-2025-60039 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-59557 was published Oct 22, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-58967 was published Oct 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy... Critical Unreviewed
CVE-2025-52758 was published Oct 22, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2025-58958 was published Oct 22, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows... Critical Unreviewed
CVE-2025-58963 was published Oct 22, 2025
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter... Critical Unreviewed
CVE-2025-53424 was published Oct 22, 2025
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on... Critical Unreviewed
CVE-2025-57870 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52735 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52734 was published Oct 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2025-52741 was published Oct 22, 2025
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview... Critical Unreviewed
CVE-2025-52738 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49931 was published Oct 22, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-49915 was published Oct 22, 2025
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. Critical Unreviewed
CVE-2025-56447 was published Oct 22, 2025
AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection... Critical Unreviewed
CVE-2016-15048 was published Oct 22, 2025
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated... Critical Unreviewed
CVE-2025-41723 was published Oct 22, 2025
The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an... Critical Unreviewed
CVE-2025-41108 was published Oct 22, 2025
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing... Critical Unreviewed
CVE-2025-62481 was published Oct 21, 2025
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST... Critical Unreviewed
CVE-2025-61757 was published Oct 21, 2025
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing... Critical Unreviewed
CVE-2025-53072 was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of... Critical Unreviewed
CVE-2025-53037 was published Oct 21, 2025
NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow Critical
CVE-2025-54469 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017,... Critical Unreviewed
CVE-2025-60772 was published Oct 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database