GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
253,100 advisories
BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows...
Severity: Moderate. Unreviewed. CVE-2025-2771 was published Apr 23, 2025.

CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This...
Severity: High. Unreviewed. CVE-2025-2762 was published Apr 23, 2025.

A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations...
Severity: Moderate. Unreviewed. CVE-2025-29526 was published Apr 23, 2025.

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in...
Severity: Unknown. Unreviewed. CVE-2025-28018 was published Apr 23, 2025.

TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via...
Severity: Unknown. Unreviewed. CVE-2025-28017 was published Apr 23, 2025.

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in...
Severity: Unknown. Unreviewed. CVE-2025-28019 was published Apr 23, 2025.

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This...
Severity: High. Unreviewed. CVE-2025-1522 was published Apr 23, 2025.

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in...
Severity: Unknown. Unreviewed. CVE-2025-28020 was published Apr 23, 2025.

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c...
Severity: Unknown. Unreviewed. CVE-2025-28025 was published Apr 23, 2025.

PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability....
Severity: High. Unreviewed. CVE-2025-1521 was published Apr 23, 2025.

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c...
Severity: Unknown. Unreviewed. CVE-2025-28028 was published Apr 23, 2025.

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Severity: Low. Unreviewed. CVE-2025-46394 was published Apr 23, 2025.

Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution...
Severity: High. Unreviewed. CVE-2025-1045 was published Apr 23, 2025.

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow...
Severity: Critical. Unreviewed. CVE-2025-45429 was published Apr 23, 2025.

Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This...
Severity: High. Unreviewed. CVE-2025-1048 was published Apr 23, 2025.

Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows...
Severity: High. Unreviewed. CVE-2025-1050 was published Apr 23, 2025.

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability...
Severity: High. Unreviewed. CVE-2025-1049 was published Apr 23, 2025.

Luxion KeyShot PVS File Parsing Access of Uninitialized Pointer Remote Code Execution...
Severity: High. Unreviewed. CVE-2025-1047 was published Apr 23, 2025.

Luxion KeyShot SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This...
Severity: High. Unreviewed. CVE-2025-1046 was published Apr 23, 2025.

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ...
Severity: Low. Unreviewed. CVE-2025-46393 was published Apr 23, 2025.

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9....
Severity: Moderate. Unreviewed. CVE-2025-43716 was published Apr 23, 2025.

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after...
Severity: Low. Unreviewed. CVE-2025-43965 was published Apr 23, 2025.

In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform...
Severity: Critical. Unreviewed. CVE-2025-45428 was published Apr 23, 2025.

In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform...
Severity: Critical. Unreviewed. CVE-2025-45427 was published Apr 23, 2025.

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor...
Severity: Moderate. Unreviewed. CVE-2025-2703 was published Apr 23, 2025.

ProTip! Advisories are also available from the GraphQL API.