Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,612
Maven
5,000+
npm
4,252
NuGet
760
pip
4,027
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,299 advisories

Loading
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability... Critical Unreviewed
CVE-2025-53883 was published Oct 30, 2025
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite Critical
CVE-2025-64095 was published for DNN.PLATFORM (NuGet) Oct 29, 2025
bdukes valadas
Credited to bdukes and valadas
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a... Critical Unreviewed
CVE-2018-25120 was published Oct 29, 2025
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This... Critical Unreviewed
CVE-2025-11202 was published Oct 29, 2025
Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Critical Unreviewed
CVE-2025-12476 was published Oct 29, 2025
Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Critical Unreviewed
CVE-2025-12477 was published Oct 29, 2025
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19... Critical Unreviewed
CVE-2025-12478 was published Oct 29, 2025
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU... Critical Unreviewed
CVE-2025-12479 was published Oct 29, 2025
A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1... Critical Unreviewed
CVE-2024-45162 was published Oct 29, 2025
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre... Critical Unreviewed
CVE-2025-4665 was published Oct 29, 2025
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public... Critical Unreviewed
CVE-2025-61235 was published Oct 28, 2025
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5;... Critical Unreviewed
CVE-2025-12423 was published Oct 28, 2025
Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Critical Unreviewed
CVE-2025-12425 was published Oct 28, 2025
Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Critical Unreviewed
CVE-2025-12424 was published Oct 28, 2025
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on... Critical Unreviewed
CVE-2025-12422 was published Oct 28, 2025
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via... Critical Unreviewed
CVE-2025-60355 was published Oct 28, 2025
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote... Critical Unreviewed
CVE-2025-36386 was published Oct 28, 2025
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware... Critical Unreviewed
CVE-2025-61128 was published Oct 28, 2025
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in... Critical Unreviewed
CVE-2025-61043 was published Oct 28, 2025
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after... Critical Unreviewed
CVE-2025-12380 was published Oct 28, 2025
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials... Critical Unreviewed
CVE-2025-9313 was published Oct 28, 2025
Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12364 was published Oct 27, 2025
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12363 was published Oct 27, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload... Critical Unreviewed
CVE-2025-27224 was published Oct 27, 2025
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from... Critical Unreviewed
CVE-2025-34292 was published Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database