GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27,784 advisories
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with...
  Critical, Unreviewed. CVE-2025-59374 was published Dec 17, 2025.
An input neutralization vulnerability in the Webhook Template component of Crafty Controller...
  Critical, Unreviewed. CVE-2025-14700 was published Dec 17, 2025.
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
  Critical. CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025.
Node-SAML SAML Authentication Bypass
  Critical. CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025.
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused...
  Critical, Unreviewed. CVE-2025-46295 was published Dec 16, 2025.
A remote code execution issue exists in HPE OneView.
  Critical, Unreviewed. CVE-2025-37164 was published Dec 16, 2025.
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0...
  Critical, Unreviewed. CVE-2025-59718 was published Dec 9, 2025.
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to...
  Critical, Unreviewed. CVE-2021-41659 was published Jan 25, 2022.
OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources
  Critical. CVE-2025-13888 was published for github.com/redhat-developer/gitops-operator (Go) Dec 15, 2025.
An issue was discovered in Frappe ERPNext through 15.89.0. Function...
  Critical, Unreviewed. CVE-2025-66439 was published Dec 15, 2025.
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig...
  Critical, Unreviewed. CVE-2025-66131 was published Dec 16, 2025.
An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text...
  Critical, Unreviewed. CVE-2025-66434 was published Dec 15, 2025.
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig...
  Critical, Unreviewed. CVE-2025-66844 was published Dec 15, 2025.
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26,...
  Critical, Unreviewed. CVE-2025-43343 was published Sep 16, 2025.
An issue was discovered in Frappe ERPNext through 15.89.0. Function...
  Critical, Unreviewed. CVE-2025-66440 was published Dec 15, 2025.
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers...
  Critical, Unreviewed. CVE-2023-53895 was published Dec 16, 2025.
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by...
  Critical, Unreviewed. CVE-2023-53894 was published Dec 16, 2025.
NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this...
  Critical, Unreviewed. CVE-2025-33210 was published Dec 16, 2025.
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an...
  Critical, Unreviewed. CVE-2025-63414 was published Dec 16, 2025.
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u...
  Critical, Unreviewed. CVE-2025-55895 was published Dec 15, 2025.
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89...
  Critical, Unreviewed. CVE-2025-66438 was published Dec 15, 2025.
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ...
  Critical, Unreviewed. CVE-2024-6028 was published Jun 25, 2024.
LikeC4 has RCE through vulnerable React and Next.js versions
  Critical. GHSA-vr6p-vq2p-6j74 was published for likec4 (npm) Dec 15, 2025.
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the...
  Critical, Unreviewed. CVE-2025-4967 was published May 29, 2025.
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy...
  Critical, Unreviewed. CVE-2025-0890 was published Feb 4, 2025.
Advisories are also available from the GraphQL API.