GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,698
Maven: 5,000+
npm: 4,324
NuGet: 761
pip: 4,099
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
24,108 advisories
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not...
Critical | Unreviewed | CVE-2025-58386 was published Dec 2, 2025

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar...
Critical | Unreviewed | CVE-2025-65267 was published Dec 3, 2025

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL...
Critical | Unreviewed | CVE-2025-65235 was published Nov 26, 2025

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S...
Critical | Unreviewed | CVE-2025-66262 was published Nov 26, 2025

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S...
Critical | Unreviewed | CVE-2025-66261 was published Nov 26, 2025

Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S...
Critical | Unreviewed | CVE-2025-66256 was published Nov 26, 2025

Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica...
Critical | Unreviewed | CVE-2025-66259 was published Nov 26, 2025

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p...
Critical | Unreviewed | CVE-2025-66253 was published Nov 26, 2025

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni...
Critical | Unreviewed | CVE-2025-66257 was published Nov 26, 2025

Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S...
Critical | Unreviewed | CVE-2025-66250 was published Nov 26, 2025

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni...
Critical | Unreviewed | CVE-2025-66255 was published Nov 26, 2025

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8...
Critical | Unreviewed | CVE-2025-34319 was published Dec 3, 2025

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions...
Critical | Unreviewed | CVE-2025-13390 was published Dec 3, 2025

A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers...
Critical | Unreviewed | CVE-2025-51683 was published Dec 1, 2025

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration...
Critical | Unreviewed | CVE-2025-10230 was published Nov 7, 2025

A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to...
Critical | Unreviewed | CVE-2024-44373 was published Aug 19, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a...
Critical | Unreviewed | CVE-2025-59703 was published Dec 2, 2025

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through...
Critical | Unreviewed | CVE-2025-59693 was published Dec 2, 2025

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the...
Critical | Unreviewed | CVE-2025-60736 was published Dec 2, 2025

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend...
Critical | Unreviewed | CVE-2025-65656 was published Dec 2, 2025

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the...
Critical | Unreviewed | CVE-2025-60854 was published Dec 2, 2025

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQL injection vulnerability via...
Critical | Unreviewed | CVE-2025-65358 was published Dec 2, 2025

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext...
Critical | Unreviewed | CVE-2021-20232 was published May 24, 2022

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification...
Critical | Unreviewed | CVE-2025-13342 was published Dec 3, 2025

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution...
Critical | Unreviewed | CVE-2025-13486 was published Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.