Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,589 advisories

Loading
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in... Low Unreviewed
CVE-2025-11934 was published Nov 22, 2025
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple... Moderate Unreviewed
CVE-2025-11936 was published Nov 22, 2025
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on... Low Unreviewed
CVE-2025-11933 was published Nov 22, 2025
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is... Low Unreviewed
CVE-2025-12889 was published Nov 22, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, and ywang96
angular Prototype Pollution vulnerability High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and... Critical Unreviewed
CVE-2025-34024 was published Jun 20, 2025
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system... Critical Unreviewed
CVE-2025-25038 was published Jun 20, 2025
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which... High Unreviewed
CVE-2025-11676 was published Nov 20, 2025
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot... Critical Unreviewed
CVE-2025-34030 was published Jun 20, 2025
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12842 was published Nov 19, 2025
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7... Critical Unreviewed
CVE-2025-34044 was published Jun 26, 2025
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi... Critical Unreviewed
CVE-2025-34054 was published Jul 1, 2025
An OS command injection vulnerability exists in various models of E-Series Linksys routers via... Critical Unreviewed
CVE-2025-34037 was published Jun 26, 2025
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL... High Unreviewed
CVE-2025-34048 was published Jun 26, 2025
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version... Critical Unreviewed
CVE-2025-34049 was published Jun 26, 2025
An authenticated command injection vulnerability exists in the Beward N100 IP Camera firmware... Critical Unreviewed
CVE-2025-34042 was published Jun 26, 2025
CWE-20 Improper Input Validation Moderate Unreviewed
CVE-2025-55058 was published Nov 17, 2025
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager,... High Unreviewed
CVE-2025-13319 was published Nov 17, 2025
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
CVE-2025-13033 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-64747 was published for directus (npm) Nov 14, 2025
Cl0wnK1n9
Credited to Cl0wnK1n9
Improper neutralization of special elements used in a command ('command injection') in Visual... High Unreviewed
CVE-2025-62222 was published Nov 11, 2025
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e... Critical Unreviewed
CVE-2025-34068 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database