GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
112,524 advisories
Deno is Vulnerable to Command Injection on Windows During Batch File Execution
High, CVE-2025-61787 was published for deno (Rust), Oct 8, 2025

FuelVM is vulnerable to heap memory allocation re-use bug
High, GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust), Oct 8, 2025

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This...
High, Unreviewed, CVE-2025-11444 was published Oct 8, 2025

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login...
High, Unreviewed, CVE-2025-11204 was published Oct 8, 2025

The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before...
High, Unreviewed, CVE-2025-10635 was published Oct 8, 2025

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to...
High, Unreviewed, CVE-2025-10494 was published Oct 8, 2025

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of...
High, Unreviewed, CVE-2025-11423 was published Oct 8, 2025

A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the...
High, Unreviewed, CVE-2025-11418 was published Oct 8, 2025

An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows...
High, Unreviewed, CVE-2025-48981 was published Oct 8, 2025

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
High, CVE-2025-6242 was published for vllm (pip), Oct 7, 2025

LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
High, CVE-2025-61784 was published for llamafactory (pip), Oct 7, 2025

A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected...
High, Unreviewed, CVE-2025-11408 was published Oct 7, 2025

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
High, Unreviewed, CVE-2025-43727 was published Oct 7, 2025

Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to...
High, Unreviewed, CVE-2025-44824 was published Oct 7, 2025

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN...
High, Unreviewed, CVE-2025-11192 was published Oct 7, 2025

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based...
High, Unreviewed, CVE-2025-36156 was published Oct 7, 2025

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1...
High, Unreviewed, CVE-2025-43914 was published Oct 7, 2025

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
High, CVE-2025-61772 was published for rack (RubyGems), Oct 7, 2025

Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
High, CVE-2025-61771 was published for rack (RubyGems), Oct 7, 2025

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
High, CVE-2025-61770 was published for rack (RubyGems), Oct 7, 2025

vLLM is vulnerable to timing attack at bearer auth
High, CVE-2025-59425 was published for vllm (pip), Oct 7, 2025

A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel...
High, Unreviewed, CVE-2023-6215 was published Oct 7, 2025

CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into...
High, Unreviewed, CVE-2025-57564 was published Oct 7, 2025

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of...
High, Unreviewed, CVE-2025-54400 was published Oct 7, 2025

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of...
High, Unreviewed, CVE-2025-54402 was published Oct 7, 2025

ProTip! Advisories are also available from the GraphQL API