Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26,317 advisories

Loading
An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet... Critical Unreviewed
CVE-2025-7503 was published Jul 11, 2025
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'... Critical Unreviewed
CVE-2025-50121 was published Jul 11, 2025
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to... Critical Unreviewed
CVE-2025-5392 was published Jul 11, 2025
The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-7401 was published Jul 11, 2025
The communication protocol used between client and server had a flaw that could lead to an... Critical Unreviewed
CVE-2025-30023 was published Jul 11, 2025
Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive... Critical Unreviewed
CVE-2025-52579 was published Jul 11, 2025
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Critical
CVE-2024-47561 was published for org.apache.avro:avro (Maven) Oct 3, 2024
dbrugman
The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability... Critical Unreviewed
CVE-2025-2523 was published Jul 10, 2025
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009)... Critical Unreviewed
CVE-2025-34102 was published Jul 10, 2025
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4... Critical Unreviewed
CVE-2025-34101 was published Jul 10, 2025
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2.... Critical Unreviewed
CVE-2025-34096 was published Jul 10, 2025
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of... Critical Unreviewed
CVE-2025-34100 was published Jul 10, 2025
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically... Critical Unreviewed
CVE-2025-34095 was published Jul 10, 2025
In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an... Critical Unreviewed
CVE-2024-44081 was published Oct 30, 2024
On versions before 2.1.4, session is not invalidated after logout. When the user logged in... Critical Unreviewed
CVE-2024-29070 was published Jul 23, 2024
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests Critical
CVE-2025-53620 was published for @builder.io/qwik-city (npm) Jul 9, 2025
finalgamer
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and... Critical Unreviewed
CVE-2025-34035 was published Jun 26, 2025
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-48978 was published Jun 23, 2025
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting... Critical Unreviewed
CVE-2025-34036 was published Jun 26, 2025
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded... Critical Unreviewed
CVE-2025-34034 was published Jun 26, 2025
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file... Critical Unreviewed
CVE-2024-8856 was published Nov 16, 2024
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
JLLeitschuh
mcp-remote exposed to OS command injection via untrusted MCP server connections Critical
CVE-2025-6514 was published for mcp-remote (npm) Jul 9, 2025
The device has two web servers that expose unauthenticated REST APIs on the management network ... Critical Unreviewed
CVE-2025-3499 was published Jul 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database