GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,471
Erlang: 33
GitHub Actions: 24
Go: 2,179
Maven: 5,000+
npm: 3,835
NuGet: 696
pip: 3,514
Pub: 12
RubyGems: 910
Rust: 908
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
248,597 advisories

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free...
Critical | Unreviewed | CVE-2018-15982 was published May 14, 2022

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to...
Moderate | Unreviewed | CVE-2025-23227 was published Jan 23, 2025

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT...
Moderate | Unreviewed | CVE-2024-12078 was published Jan 23, 2025

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model...
High | Unreviewed | CVE-2024-11147 was published Jan 23, 2025

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated...
Critical | Unreviewed | CVE-2024-52330 was published Jan 23, 2025

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An...
Critical | Unreviewed | CVE-2024-52329 was published Jan 23, 2025

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware...
High | Unreviewed | CVE-2024-52331 was published Jan 23, 2025

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite...
Moderate | Unreviewed | CVE-2024-45672 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23634 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23636 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23545 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23724 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23730 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23894 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23960 was published Jan 23, 2025

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An...
Moderate | Unreviewed | CVE-2024-12079 was published Jan 23, 2025

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the...
Low | Unreviewed | CVE-2024-52328 was published Jan 23, 2025

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an...
Moderate | Unreviewed | CVE-2024-52325 was published Jan 23, 2025

The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to...
Moderate | Unreviewed | CVE-2024-52327 was published Jan 23, 2025

It has been found that the Beta10 software does not provide for proper authorisation control in...
Critical | Unreviewed | CVE-2025-0637 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-22264 was published Jan 23, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows...
High | Unreviewed | CVE-2025-22768 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23626 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23624 was published Jan 23, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-23628 was published Jan 23, 2025

ProTip! Advisories are also available from the GraphQL API.