Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,117 advisories

Loading
Due to missing verification of file type or content, SAP Supplier Relationship Management allows... Critical Unreviewed
CVE-2025-42910 was published Oct 14, 2025
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by... Critical Unreviewed
CVE-2025-42937 was published Oct 14, 2025
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could... Critical Unreviewed
CVE-2025-42944 was published Sep 9, 2025
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel Critical
CVE-2025-50538 was published for flowise (npm) Oct 3, 2025
mikensec
Credited to mikensec
Happy DOM: VM Context Escape can lead to Remote Code Execution Critical
CVE-2025-61927 was published for happy-dom (npm) Oct 10, 2025
Mas0nShi
Credited to Mas0nShi
Better Auth: Unauthenticated API key creation through api-key plugin Critical
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the... Critical Unreviewed
CVE-2022-41648 was published Oct 28, 2022
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Credited to cold-try
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-6919 was published Oct 13, 2025
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise... Critical Unreviewed
CVE-2025-37729 was published Oct 13, 2025
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform... Critical Unreviewed
CVE-2025-9976 was published Oct 13, 2025
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker... Critical Unreviewed
CVE-2025-9265 was published Oct 13, 2025
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design... Critical Unreviewed
CVE-2025-6439 was published Oct 11, 2025
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to... Critical Unreviewed
CVE-2025-6553 was published Oct 11, 2025
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,... Critical Unreviewed
CVE-2025-11533 was published Oct 11, 2025
In modem, there is a possible system crash due to improper input validation. This could lead to... Critical Unreviewed
CVE-2025-31718 was published Oct 11, 2025
In modem, there is a possible system crash due to improper input validation. This could lead to... Critical Unreviewed
CVE-2025-31717 was published Oct 11, 2025
JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main... Critical Unreviewed
CVE-2025-60269 was published Oct 10, 2025
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to... Critical Unreviewed
CVE-2025-40664 was published May 26, 2025
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege... Critical Unreviewed
CVE-2025-60306 was published Oct 10, 2025
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin... Critical Unreviewed
CVE-2025-60316 was published Oct 9, 2025
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily... Critical Unreviewed
CVE-2025-6519 was published Oct 10, 2025
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE Critical
CVE-2025-10283 was published for bbot (pip) Oct 9, 2025
justinsteven
Credited to justinsteven
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE Critical
CVE-2025-10284 was published for bbot (pip) Oct 9, 2025
justinsteven liquidsec
TheTechromancer
Credited to justinsteven, liquidsec, and TheTechromancer
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59246 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database