Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,684 advisories

Loading
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed
CVE-2025-1298 was published Feb 14, 2025
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote... Critical Unreviewed
CVE-2025-25067 was published Feb 14, 2025
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain... Critical Unreviewed
CVE-2025-22896 was published Feb 14, 2025
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login... Critical Unreviewed
CVE-2025-1283 was published Feb 14, 2025
The administrative web interface of mySCADA myPRO Manager can be accessed without... Critical Unreviewed
CVE-2025-24865 was published Feb 14, 2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB.... Critical Unreviewed
CVE-2023-34399 was published Feb 14, 2025
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged... Critical Unreviewed
CVE-2025-1127 was published Feb 13, 2025
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record... Critical Unreviewed
CVE-2025-25388 was published Feb 13, 2025
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record... Critical Unreviewed
CVE-2025-25389 was published Feb 13, 2025
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an... Critical Unreviewed
CVE-2025-1270 was published Feb 13, 2025
The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2024-13182 was published Feb 13, 2025
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and... Critical Unreviewed
CVE-2024-10763 was published Feb 13, 2025
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote... Critical Unreviewed
CVE-2025-0896 was published Feb 13, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0... Critical Unreviewed
CVE-2024-7102 was published Feb 13, 2025
MaysWind ezBookkeeping has Improper Privilege Management Critical
CVE-2024-57604 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
Easy!Appointments Improper Restriction of Excessive Authentication Attempts Critical
CVE-2024-57602 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Critical Unreviewed
CVE-2025-25343 was published Feb 12, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Critical
GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025
ChALkeR jprichardson
Inefficient Regular Expression Complexity in koa Critical
CVE-2025-25200 was published for koa (npm) Feb 12, 2025
R4356th
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability... Critical Unreviewed
CVE-2025-25744 was published Feb 12, 2025
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability... Critical Unreviewed
CVE-2025-25742 was published Feb 12, 2025
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense... Critical Unreviewed
CVE-2025-25351 was published Feb 12, 2025
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense... Critical Unreviewed
CVE-2025-25349 was published Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database