GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,778
Erlang: 35
GitHub Actions: 29
Go: 2,332
Maven: 5,000+
npm: 3,966
NuGet: 713
pip: 3,759
Pub: 12
RubyGems: 921
Rust: 975
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

25,894 advisories
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to...
Critical | Unreviewed | CVE-2025-6065 was published Jun 14, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical | CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
Salt vulnerable to directory traversal attack in file receiving method
Critical | CVE-2024-38824 was published for salt (pip) Jun 13, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Critical | CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical | CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of...
Critical | Unreviewed | CVE-2025-2884 was published Jun 10, 2025
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker...
Critical | Unreviewed | CVE-2025-46060 was published Jun 13, 2025
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
Critical | Unreviewed | CVE-2025-28388 was published Jun 13, 2025
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a...
Critical | Unreviewed | CVE-2025-28389 was published Jun 13, 2025
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute...
Critical | Unreviewed | CVE-2025-28384 was published Jun 13, 2025
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches...
Critical | Unreviewed | CVE-2023-0224 was published Jan 16, 2024
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is...
Critical | Unreviewed | CVE-2022-4976 was published Jun 12, 2025
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST...
Critical | Unreviewed | CVE-2024-39243 was published Jun 26, 2024
Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL...
Critical | Unreviewed | CVE-2025-45984 was published Jun 13, 2025
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6...
Critical | Unreviewed | CVE-2024-52770 was published Nov 20, 2024
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key...
Critical | Unreviewed | CVE-2025-6030 was published Jun 13, 2025
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key...
Critical | Unreviewed | CVE-2025-6029 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL...
Critical | Unreviewed | CVE-2025-45985 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL...
Critical | Unreviewed | CVE-2025-45987 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL...
Critical | Unreviewed | CVE-2025-45986 was published Jun 13, 2025
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL...
Critical | Unreviewed | CVE-2025-45988 was published Jun 13, 2025
Remote code execution that allows unauthorized users to execute arbitrary code on the server...
Critical | Unreviewed | CVE-2025-29902 was published Jun 13, 2025
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0...
Critical | Unreviewed | CVE-2025-46783 was published Jun 13, 2025
In the moPS App through 1.8.618, all users can access administrative API endpoints without...
Critical | Unreviewed | CVE-2024-55585 was published Jun 7, 2025
The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for...
Critical | Unreviewed | CVE-2025-5288 was published Jun 13, 2025
ProTip! Advisories are also available from the GraphQL API.