Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,683 advisories

Loading
An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge... Critical Unreviewed
CVE-2025-23116 was published Mar 1, 2025
A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-23115 was published Mar 1, 2025
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2... Critical Unreviewed
CVE-2025-0159 was published Feb 28, 2025
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement Critical
GHSA-jg6f-48ff-5xrw was published for github.com/cosmos/ibc-go (Go) Feb 28, 2025
swelf19
Application does not limit the number or frequency of user interactions, such as the number of... Critical Unreviewed
CVE-2025-22273 was published Feb 28, 2025
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local... Critical Unreviewed
CVE-2024-9193 was published Feb 28, 2025
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx).... Critical Unreviewed
CVE-2025-1413 was published Feb 28, 2025
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads... Critical Unreviewed
CVE-2024-8425 was published Feb 28, 2025
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to,... Critical Unreviewed
CVE-2024-8420 was published Feb 28, 2025
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or... Critical Unreviewed
CVE-2025-1744 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. Critical Unreviewed
CVE-2024-37567 was published Feb 28, 2025
In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible,... Critical Unreviewed
CVE-2024-38292 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. Critical Unreviewed
CVE-2024-36047 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 executes with more privileges than required. Critical Unreviewed
CVE-2024-36046 was published Feb 28, 2025
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. Critical Unreviewed
CVE-2024-37566 was published Feb 28, 2025
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Critical Unreviewed
CVE-2025-26325 was published Feb 28, 2025
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded... Critical Unreviewed
CVE-2025-25570 was published Feb 28, 2025
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8... Critical Unreviewed
CVE-2024-51139 was published Feb 27, 2025
An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior... Critical Unreviewed
CVE-2024-41339 was published Feb 27, 2025
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and... Critical Unreviewed
CVE-2024-51138 was published Feb 27, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... Critical Unreviewed
CVE-2024-41334 was published Feb 27, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2024-13148 was published Feb 27, 2025
A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This... Critical Unreviewed
CVE-2025-1751 was published Feb 27, 2025
Mautic allows Remote Code Execution and File Deletion in Asset Uploads Critical
CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025
mallo-m patrykgruszka
LTI JupyterHub Authenticator does not properly validate JWT Signature Critical
CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) Feb 25, 2025
consideRatio
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database