GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,781
Maven: 5,000+
npm: 4,386
NuGet: 772
pip: 4,164
Pub: 12
RubyGems: 965
Rust: 1,073
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
116,472 advisories
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
High | Unreviewed | CVE-2025-55065 was published Jan 1, 2026

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0,...
High | Unreviewed | CVE-2025-11157 was published Jan 1, 2026

serverless MCP Server vulnerable to Command Injection in list-projects tool
High | CVE-2025-69256 was published for serverless (npm) Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-52739 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-50053 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-53235 was published Dec 31, 2025

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution...
High | Unreviewed | CVE-2015-10145 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23757 was published Dec 31, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-28949 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23705 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23707 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23667 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23719 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-47566 was published Dec 31, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-30628 was published Dec 31, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS. This...
High | Unreviewed | CVE-2025-31054 was published Dec 31, 2025

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer...
High | Unreviewed | CVE-2025-34468 was published Dec 31, 2025

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows...
High | Unreviewed | CVE-2020-36903 was published Dec 31, 2025

NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non...
High | Unreviewed | CVE-2021-47726 was published Dec 31, 2025

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the...
High | Unreviewed | CVE-2021-47745 was published Dec 31, 2025

Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that...
High | Unreviewed | CVE-2021-47742 was published Dec 31, 2025

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows...
High | Unreviewed | CVE-2021-47741 was published Dec 31, 2025

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php...
High | Unreviewed | CVE-2021-47747 was published Dec 31, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23608 was published Dec 31, 2025

VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing...
High | Unreviewed | CVE-2025-15389 was published Dec 31, 2025

ProTip! Advisories are also available from the GraphQL API.