GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,692
Erlang: 34
GitHub Actions: 27
Go: 2,279
Maven: 5,000+
npm: 3,931
NuGet: 708
pip: 3,699
Pub: 12
RubyGems: 919
Rust: 957
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
25,589 advisories
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia...
Critical, Unreviewed. CVE-2025-4641 was published May 14, 2025.

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within...
Critical, Unreviewed. CVE-2025-4638 was published May 14, 2025.

Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advance...
Critical, Unreviewed. CVE-2024-10865 was published May 14, 2025.

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who...
Critical, Unreviewed. CVE-2024-24780 was published May 14, 2025.

OPKSSH Vulnerable to Authentication Bypass
Critical. CVE-2025-4658 was published for github.com/openpubkey/opkssh (Go) May 13, 2025.

OpenPubkey Vulnerable to Authentication Bypass
Critical. CVE-2025-3757 was published for github.com/openpubkey/openpubkey (Go) May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access...
Critical, Unreviewed. CVE-2025-43563 was published May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical, Unreviewed. CVE-2025-43560 was published May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect...
Critical, Unreviewed. CVE-2025-43561 was published May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical, Unreviewed. CVE-2025-43559 was published May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access...
Critical, Unreviewed. CVE-2025-43564 was published May 13, 2025.

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper...
Critical, Unreviewed. CVE-2025-43562 was published May 13, 2025.

Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS)...
Critical, Unreviewed. CVE-2025-43567 was published May 13, 2025.

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the...
Critical, Unreviewed. CVE-2025-45746 was published May 13, 2025.

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr...
Critical, Unreviewed. CVE-2025-45865 was published May 13, 2025.

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr...
Critical, Unreviewed. CVE-2025-45863 was published May 13, 2025.

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the...
Critical, Unreviewed. CVE-2025-45861 was published May 13, 2025.

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an...
Critical, Unreviewed. CVE-2025-30387 was published May 13, 2025.

EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via...
Critical, Unreviewed. CVE-2025-45857 was published May 13, 2025.

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability...
Critical, Unreviewed. CVE-2025-45858 was published May 13, 2025.

rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.
Critical, Unreviewed. CVE-2025-28056 was published May 13, 2025.

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024...
Critical, Unreviewed. CVE-2025-22462 was published May 13, 2025.

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via...
Critical, Unreviewed. CVE-2024-46506 was published May 13, 2025.

EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject...
Critical, Unreviewed. CVE-2025-44831 was published May 13, 2025.

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0...
Critical, Unreviewed. CVE-2025-32756 was published May 13, 2025.
ProTip! Advisories are also available from the GraphQL API.