GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,127 advisories
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The...
Critical
Unreviewed
CVE-2025-27540
was published
Apr 16, 2025
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload...
Critical
Unreviewed
CVE-2024-40071
was published
Apr 16, 2025
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection...
Critical
Unreviewed
CVE-2024-40073
was published
Apr 16, 2025
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection...
Critical
Unreviewed
CVE-2024-40072
was published
Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote...
Critical
Unreviewed
CVE-2025-39601
was published
Apr 16, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence...
Critical
Unreviewed
CVE-2025-39557
was published
Apr 16, 2025
Improper neutralization of input provided by a low-privileged user into a file search...
Critical
Unreviewed
CVE-2025-1981
was published
Apr 16, 2025
The Ready_ application's Profile section allows users to upload files of any type and extension...
Critical
Unreviewed
CVE-2025-1980
was published
Apr 16, 2025
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs ...
Critical
Unreviewed
CVE-2025-3495
was published
Apr 16, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell...
Critical
Unreviewed
CVE-2025-30967
was published
Apr 16, 2025
An attacker can upload an arbitrary file instead of a plant image.
Critical
Unreviewed
CVE-2025-30510
was published
Apr 16, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web...
Critical
Unreviewed
CVE-2025-26927
was published
Apr 16, 2025
Due to lack of server-side input validation, attackers can inject malicious JavaScript code into...
Critical
Unreviewed
CVE-2025-24297
was published
Apr 16, 2025
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey...
Critical
Unreviewed
CVE-2025-30727
was published
Apr 15, 2025
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the...
Critical
Unreviewed
CVE-2025-28399
was published
Apr 15, 2025
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain...
Critical
Unreviewed
CVE-2025-2567
was published
Apr 15, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
Critical
Unreviewed
CVE-2025-25456
was published
Apr 15, 2025
Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the...
Critical
Unreviewed
CVE-2025-22900
was published
Apr 15, 2025
A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code...
Critical
Unreviewed
CVE-2025-28100
was published
Apr 15, 2025
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix ...
Critical
Unreviewed
CVE-2021-27289
was published
Apr 15, 2025
A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap...
Critical
Unreviewed
CVE-2025-32911
was published
Apr 15, 2025
The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command...
Critical
Unreviewed
CVE-2025-28137
was published
Apr 15, 2025
Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection....
Critical
Unreviewed
CVE-2025-30985
was published
Apr 15, 2025
A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other...
Critical
Unreviewed
CVE-2025-3578
was published
Apr 15, 2025
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open...
Critical
Unreviewed
CVE-2025-3579
was published
Apr 15, 2025
ProTip! Advisories are also available from the GraphQL API.