GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,810
Erlang: 36
GitHub Actions: 31
Go: 2,396
Maven: 5,000+
npm: 4,030
NuGet: 721
pip: 3,820
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
26,317 advisories
The embedded web server on the thermostat listed version ranges contain a vulnerability that...
Critical, Unreviewed, CVE-2025-6260 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId...
Critical, Unreviewed, CVE-2025-46410 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter...
Critical, Unreviewed, CVE-2025-50128 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality...
Critical, Unreviewed, CVE-2025-53084 was published Jul 24, 2025

A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter...
Critical, Unreviewed, CVE-2025-41420 was published Jul 24, 2025

XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
Critical, CVE-2025-32429 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Jul 24, 2025

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe...
Critical, Unreviewed, CVE-2016-15044 was published Jul 24, 2025

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and...
Critical, Unreviewed, CVE-2015-10141 was published Jul 23, 2025

The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker...
Critical, Unreviewed, CVE-2017-20198 was published Jul 23, 2025

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code...
Critical, Unreviewed, CVE-2022-4978 was published Jul 23, 2025

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1...
Critical, Unreviewed, CVE-2018-25114 was published Jul 23, 2025

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management...
Critical, Unreviewed, CVE-2025-40599 was published Jul 23, 2025

A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows...
Critical, Unreviewed, CVE-2025-54294 was published Jul 23, 2025

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate...
Critical, Unreviewed, CVE-2025-53882 was published Jul 23, 2025

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management...
Critical, Unreviewed, CVE-2025-41687 was published Jul 23, 2025

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value...
Critical, Unreviewed, CVE-2025-8070 was published Jul 23, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical, Unreviewed, CVE-2025-54446 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
Critical, Unreviewed, CVE-2025-54448 was published Jul 23, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics...
Critical, Unreviewed, CVE-2025-54451 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
Critical, Unreviewed, CVE-2025-54449 was published Jul 23, 2025

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows...
Critical, Unreviewed, CVE-2025-54454 was published Jul 23, 2025

Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows...
Critical, Unreviewed, CVE-2025-54455 was published Jul 23, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical, Unreviewed, CVE-2025-54443 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
Critical, Unreviewed, CVE-2025-54440 was published Jul 23, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9...
Critical, Unreviewed, CVE-2025-54442 was published Jul 23, 2025

ProTip! Advisories are also available from the GraphQL API.