Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,115 advisories

Loading
This vulnerability allows attackers to execute arbitrary commands on the underlying system.... Critical Unreviewed
CVE-2025-59817 was published Sep 25, 2025
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA)... Critical Unreviewed
CVE-2025-20363 was published Sep 25, 2025
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA)... Critical Unreviewed
CVE-2025-20333 was published Sep 25, 2025
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
Credited to petersutter, kon-angelo, hebelsan, JordanJordanov, and donistz
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within... Critical Unreviewed
CVE-2025-10542 was published Sep 25, 2025
cors-anywhere vulnerable to server-side request forgery Critical
CVE-2020-36851 was published for cors-anywhere (npm) Sep 25, 2025
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11... Critical Unreviewed
CVE-2025-54943 was published Sep 25, 2025
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows... Critical Unreviewed
CVE-2025-54946 was published Sep 25, 2025
An external control of file name or path vulnerability in SUNNET Corporate Training Management... Critical Unreviewed
CVE-2025-54945 was published Sep 25, 2025
A missing authentication for critical function vulnerability in SUNNET Corporate Training... Critical Unreviewed
CVE-2025-54942 was published Sep 25, 2025
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within... Critical Unreviewed
CVE-2025-57347 was published Sep 24, 2025
Command Injection in adb-mcp MCP Server Critical
CVE-2025-59834 was published for adb-mcp (npm) Sep 24, 2025
lirantal
Credited to lirantal
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote... Critical Unreviewed
CVE-2025-10890 was published Sep 24, 2025
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Critical Unreviewed
CVE-2025-52906 was published Sep 24, 2025
An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT... Critical Unreviewed
CVE-2025-56819 was published Sep 24, 2025
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of... Critical Unreviewed
CVE-2025-21483 was published Sep 24, 2025
Memory corruption while selecting the PLMN from SOR failed list. Critical Unreviewed
CVE-2025-27034 was published Sep 24, 2025
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is... Critical Unreviewed
CVE-2025-9054 was published Sep 24, 2025
The database for the web application is exposed without authentication, allowing an... Critical Unreviewed
CVE-2025-41715 was published Sep 24, 2025
Apache IoTDB: Deserialization of untrusted Data Critical
CVE-2025-48459 was published for org.apache.iotdb:iotdb-confignode (Maven) Sep 24, 2025
cai0duque
Credited to cai0duque
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information... Critical Unreviewed
CVE-2025-9846 was published Sep 23, 2025
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module Critical
CVE-2025-59545 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes valadas
mitchelsellers
Credited to bdukes, valadas, and mitchelsellers
A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission... Critical Unreviewed
CVE-2025-9962 was published Sep 23, 2025
A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and... Critical Unreviewed
CVE-2025-9963 was published Sep 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database