GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,781
Erlang: 36
GitHub Actions: 29
Go: 2,345
Maven: 5,000+
npm: 3,976
NuGet: 719
pip: 3,772
Pub: 12
RubyGems: 923
Rust: 980
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
283,153 advisories

pbkdf2 silently disregards Uint8Array input, returning static keys
Critical. CVE-2025-6547 was published for pbkdf2 (npm) on Jun 23, 2025.

pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Critical. CVE-2025-6545 was published for pbkdf2 (npm) on Jun 23, 2025.

In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass...
Moderate (Unreviewed). CVE-2021-47688 was published on Jun 23, 2025.

An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows...
Unknown (Unreviewed). CVE-2025-44528 was published on Jun 23, 2025.

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in...
Unknown (Unreviewed). CVE-2025-50349 was published on Jun 23, 2025.

PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in...
Unknown (Unreviewed). CVE-2025-50348 was published on Jun 23, 2025.

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical....
Moderate (Unreviewed). CVE-2025-6518 was published on Jun 23, 2025.

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects...
Low (Unreviewed). CVE-2025-6524 was published on Jun 23, 2025.

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and...
Unknown (Unreviewed). CVE-2023-47030 was published on Jun 23, 2025.

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the...
High (Unreviewed). CVE-2025-2828 was published on Jun 23, 2025.

A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913...
Unknown (Unreviewed). CVE-2025-48026 was published on Jun 23, 2025.

Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker...
Unknown (Unreviewed). CVE-2025-23092 was published on Jun 23, 2025.

Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet...
High (Unreviewed). CVE-2025-23049 was published on Jun 23, 2025.

Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated...
High (Unreviewed). CVE-2025-52922 was published on Jun 23, 2025.

Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh...
Critical (Unreviewed). CVE-2025-52936 was published on Jun 23, 2025.

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct...
Critical (Unreviewed). CVE-2025-52935 was published on Jun 23, 2025.

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in...
Critical (Unreviewed). CVE-2025-52921 was published on Jun 23, 2025.

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This...
Moderate (Unreviewed). CVE-2025-52938 was published on Jun 23, 2025.

Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This...
Critical (Unreviewed). CVE-2025-52939 was published on Jun 23, 2025.

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within...
Moderate (Unreviewed). CVE-2025-52920 was published on Jun 23, 2025.

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information...
High (Unreviewed). CVE-2025-27387 was published on Jun 23, 2025.

An incorrect authorization vulnerability exists in multiple WSO2 products that allows...
Moderate (Unreviewed). CVE-2024-3511 was published on Jun 23, 2025.

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The...
Critical (Unreviewed). CVE-2024-45347 was published on Jun 23, 2025.

A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as...
Moderate (Unreviewed). CVE-2025-6476 was published on Jun 23, 2025.

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as...
Moderate (Unreviewed). CVE-2025-6401 was published on Jun 23, 2025.

ProTip! Advisories are also available from the GraphQL API.