GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,781
Maven: 5,000+
npm: 4,386
NuGet: 772
pip: 4,164
Pub: 12
RubyGems: 965
Rust: 1,073
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
116,472 advisories
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
High, Unreviewed. CVE-2025-55065 was published Jan 1, 2026.

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0,...
High, Unreviewed. CVE-2025-11157 was published Jan 1, 2026.

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the...
High, Unreviewed. CVE-2025-15356 was published Dec 30, 2025.

FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
High. CVE-2025-69210 was published for facturascripts/facturascripts (Composer) Dec 30, 2025.

serverless MCP Server vulnerable to Command Injection in list-projects tool
High. CVE-2025-69256 was published for serverless (npm) Dec 31, 2025.

LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
High. CVE-2025-12183 was published for at.yawk.lz4:lz4-java (Maven) Nov 28, 2025.

PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash
High. CVE-2023-7332 was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023.

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated...
High, Unreviewed. CVE-2025-15225 was published Dec 29, 2025.

A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function...
High, Unreviewed. CVE-2025-15091 was published Dec 26, 2025.

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the...
High, Unreviewed. CVE-2025-15090 was published Dec 26, 2025.

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function...
High, Unreviewed. CVE-2025-15089 was published Dec 26, 2025.

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy...
High, Unreviewed. CVE-2025-15092 was published Dec 26, 2025.

Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File...
High, Unreviewed. CVE-2021-45010 was published Mar 16, 2022.

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution...
High, Unreviewed. CVE-2015-10145 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-23667 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-23707 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-53235 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-50053 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-47566 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-23757 was published Dec 31, 2025.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed. CVE-2025-30628 was published Dec 31, 2025.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2025-52739 was published Dec 31, 2025.

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS. This...
High, Unreviewed. CVE-2025-31054 was published Dec 31, 2025.

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows...
High, Unreviewed. CVE-2020-36903 was published Dec 31, 2025.

NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non...
High, Unreviewed. CVE-2021-47726 was published Dec 31, 2025.

ProTip! Advisories are also available from the GraphQL API.