GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,810
Erlang: 36
GitHub Actions: 31
Go: 2,395
Maven: 5,000+
npm: 4,030
NuGet: 721
pip: 3,820
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
109,805 advisories
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
High
Unreviewed
CVE-2025-54296
was published
Jul 23, 2025
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows...
High
Unreviewed
CVE-2025-50127
was published
Jul 23, 2025
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size...
High
Unreviewed
CVE-2025-6021
was published
Jun 12, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High
Unreviewed
CVE-2025-41684
was published
Jul 23, 2025
An authenticated remote attacker can execute arbitrary commands with root privileges on affected...
High
Unreviewed
CVE-2025-41683
was published
Jul 23, 2025
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for...
High
Unreviewed
CVE-2024-11013
was published
Nov 29, 2024
Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High
Unreviewed
CVE-2024-53286
was published
Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2025-54453
was published
Jul 23, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High
Unreviewed
CVE-2025-54450
was published
Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
High
Unreviewed
CVE-2025-54439
was published
Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
High
Unreviewed
CVE-2025-54441
was published
Jul 23, 2025
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows...
High
Unreviewed
CVE-2025-54452
was published
Jul 23, 2025
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics...
High
Unreviewed
CVE-2025-54445
was published
Jul 23, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
High
Unreviewed
CVE-2025-54447
was published
Jul 23, 2025
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to...
High
Unreviewed
CVE-2025-6190
was published
Jul 23, 2025
The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up...
High
Unreviewed
CVE-2025-7722
was published
Jul 23, 2025
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by...
High
Unreviewed
CVE-2025-8060
was published
Jul 23, 2025
DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could...
High
Unreviewed
CVE-2025-41425
was published
Jul 23, 2025
A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for...
High
Unreviewed
CVE-2025-43022
was published
Jul 23, 2025
DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user...
High
Unreviewed
CVE-2025-48733
was published
Jul 23, 2025
DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that...
High
Unreviewed
CVE-2025-53703
was published
Jul 23, 2025
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration...
High
Unreviewed
CVE-2025-7766
was published
Jul 23, 2025
In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a...
High
Unreviewed
CVE-2024-32925
was published
Jun 13, 2024
Use of weak credentials in emergency authentication component in Devolutions Server allows an...
High
Unreviewed
CVE-2025-6523
was published
Jul 22, 2025
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used...
High
Unreviewed
CVE-2024-2410
was published
May 3, 2024
ProTip! Advisories are also available from the GraphQL API.