Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

139,837 advisories

Loading
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an... Moderate Unreviewed
CVE-2025-42902 was published Oct 14, 2025
A vulnerability in SAP Financial Service Claims Management RFC function... Moderate Unreviewed
CVE-2025-42903 was published Oct 14, 2025
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript... Moderate Unreviewed
CVE-2025-42901 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for... Moderate Unreviewed
CVE-2025-42908 was published Oct 14, 2025
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with... Moderate Unreviewed
CVE-2025-42939 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62392 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62390 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62386 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62384 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62388 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62389 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62391 was published Oct 14, 2025
Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0... Moderate Unreviewed
CVE-2025-62251 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62387 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-11623 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62385 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62383 was published Oct 14, 2025
LibreNMS is vulnerable to Reflected-XSS in `report_this` function Moderate
CVE-2025-62365 was published for librenms/librenms (Composer) Oct 13, 2025
GatekeeperBuster
Credited to GatekeeperBuster
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown... Moderate Unreviewed
CVE-2025-9721 was published Oct 13, 2025
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an... Moderate Unreviewed
CVE-2025-9722 was published Oct 13, 2025
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function... Moderate Unreviewed
CVE-2025-9720 was published Oct 13, 2025
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of... Moderate Unreviewed
CVE-2025-9723 was published Oct 13, 2025
Liferay Mentions Web is Vulnerable to Cross-site Scripting Moderate
CVE-2025-62246 was published for com.liferay:com.liferay.mentions.web (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database