GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 4,810
Erlang: 36
GitHub Actions: 31
Go: 2,395
Maven: 5,000+
npm: 4,030
NuGet: 721
pip: 3,820
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38
Unreviewed advisories (all unreviewed: 5,000+)
109,805 advisories
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated,...
High | Unreviewed | CVE-2021-1303 was published May 24, 2022
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server...
High | Unreviewed | CVE-2010-10012 was published Jul 23, 2025
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0...
High | Unreviewed | CVE-2018-25113 was published Jul 23, 2025
A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote,...
High | Unreviewed | CVE-2025-40596 was published Jul 23, 2025
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager...
High | Unreviewed | CVE-2016-15045 was published Jul 23, 2025
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under...
High | Unreviewed | CVE-2025-46099 was published Jul 23, 2025
A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote,...
High | Unreviewed | CVE-2025-40597 was published Jul 23, 2025
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based...
High | Unreviewed | CVE-2025-33076 was published Jul 23, 2025
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based...
High | Unreviewed | CVE-2025-33077 was published Jul 23, 2025
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux...
High | Unreviewed | CVE-2025-6018 was published Jul 23, 2025
A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow...
High | Unreviewed | CVE-2025-31700 was published Jul 23, 2025
FastAPI Guard has a regex bypass
High | CVE-2025-54365 was published for fastapi-guard (pip) Jul 23, 2025
A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow...
High | Unreviewed | CVE-2025-31701 was published Jul 23, 2025
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing...
High | Unreviewed | CVE-2025-8036 was published Jul 22, 2025
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This...
High | Unreviewed | CVE-2025-8029 was published Jul 22, 2025
XSLT document loading did not correctly propagate the source document which bypassed its CSP....
High | Unreviewed | CVE-2025-8032 was published Jul 22, 2025
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated,...
High | Unreviewed | CVE-2021-1264 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an...
High | Unreviewed | CVE-2021-1257 was published May 24, 2022
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an...
High | Unreviewed | CVE-2019-1841 was published May 13, 2022
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
High | CVE-2025-54140 was published for pyload-ng (pip) Jul 21, 2025
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
High | CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
NodeJS version of the HAX CMS application is distributed with Default Secrets
High | CVE-2025-54137 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient...
High | Unreviewed | CVE-2024-7401 was published Aug 26, 2024
A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows...
High | Unreviewed | CVE-2024-12310 was published Jul 23, 2025
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
High | Unreviewed | CVE-2025-54297 was published Jul 23, 2025
ProTip! Advisories are also available from the GraphQL API.