GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,811
Erlang: 36
GitHub Actions: 32
Go: 2,396
Maven: 5,000+
npm: 4,033
NuGet: 721
pip: 3,824
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
109,881 advisories
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows...
High, Unreviewed
CVE-2025-54452 was published Jul 23, 2025

Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics...
High, Unreviewed
CVE-2025-54445 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
High, Unreviewed
CVE-2025-54439 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
High, Unreviewed
CVE-2025-54441 was published Jul 23, 2025

files-bucket-server vulnerable to Directory Traversal
High
CVE-2025-8021 was published for files-bucket-server (npm) Jul 23, 2025

private-ip vulnerable to Server-Side Request Forgery
High
CVE-2025-8020 was published for private-ip (npm) Jul 23, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High, Unreviewed
CVE-2024-53286 was published Jul 23, 2025

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to...
High, Unreviewed
CVE-2025-6190 was published Jul 23, 2025

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up...
High, Unreviewed
CVE-2025-7722 was published Jul 23, 2025

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by...
High, Unreviewed
CVE-2025-8060 was published Jul 23, 2025

A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for...
High, Unreviewed
CVE-2025-43022 was published Jul 23, 2025

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration...
High, Unreviewed
CVE-2025-7766 was published Jul 23, 2025

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to...
High, Unreviewed
CVE-2025-8011 was published Jul 23, 2025

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to...
High, Unreviewed
CVE-2025-8010 was published Jul 23, 2025

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that...
High, Unreviewed
CVE-2025-53703 was published Jul 23, 2025

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user...
High, Unreviewed
CVE-2025-48733 was published Jul 23, 2025

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could...
High, Unreviewed
CVE-2025-41425 was published Jul 23, 2025

A command injection vulnerability exists that can be exploited after authentication in VIGI...
High, Unreviewed
CVE-2025-7723 was published Jul 22, 2025

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval...
High, Unreviewed
CVE-2025-31511 was published Jul 22, 2025

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval...
High, Unreviewed
CVE-2025-31512 was published Jul 22, 2025

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user...
High, Unreviewed
CVE-2025-8030 was published Jul 22, 2025

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This...
High, Unreviewed
CVE-2025-8029 was published Jul 22, 2025

XSLT document loading did not correctly propagate the source document which bypassed its CSP....
High, Unreviewed
CVE-2025-8032 was published Jul 22, 2025

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing...
High, Unreviewed
CVE-2025-8036 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API