GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
267,483 advisories
An attacker could retrieve sensitive files (medical images) as well as plant new medical images...
High | Unreviewed | CVE-2024-33606 was published Jun 11, 2024

The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site...
Moderate | Unreviewed | CVE-2024-5226 was published Aug 8, 2024

The Brizy – Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2024-6254 was published Aug 8, 2024

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object...
High | Unreviewed | CVE-2024-5085 was published May 23, 2024

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write...
High | Unreviewed | CVE-2024-22273 was published May 21, 2024

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the...
Moderate | Unreviewed | CVE-2021-47436 was published May 22, 2024

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass...
High | Unreviewed | CVE-2025-23119 was published Mar 1, 2025

An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge...
Critical | Unreviewed | CVE-2025-23116 was published Mar 1, 2025

A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE)...
Critical | Unreviewed | CVE-2025-23115 was published Mar 1, 2025

An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious...
Unknown | Unreviewed | CVE-2025-23117 was published Mar 1, 2025

An Improper Certificate Validation vulnerability could allow an authenticated malicious actor...
Moderate | Unreviewed | CVE-2025-23118 was published Mar 1, 2025

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification...
High | Unreviewed | CVE-2024-7031 was published Aug 3, 2024

MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an...
High | Unreviewed | CVE-2024-28877 was published Jun 11, 2024

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate | Unreviewed | CVE-2023-23735 was published Jun 4, 2024

A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This...
Moderate | Unreviewed | CVE-2025-0751 was published Jan 27, 2025

A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio...
Moderate | Unreviewed | CVE-2024-12960 was published Dec 26, 2024

Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860...
High | Unreviewed | CVE-2024-41335 was published Feb 27, 2025

An issue in Draytek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8,...
High | Unreviewed | CVE-2024-41340 was published Feb 27, 2025

Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
Moderate | Unreviewed | CVE-2025-25514 was published Feb 26, 2025

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and...
Critical | Unreviewed | CVE-2024-51138 was published Feb 27, 2025

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical....
Moderate | Unreviewed | CVE-2025-0870 was published Jan 30, 2025

A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This...
Moderate | Unreviewed | CVE-2025-0753 was published Jan 27, 2025

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with...
Unknown | Unreviewed | CVE-2025-25476 was published Mar 1, 2025

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
Unknown | Unreviewed | CVE-2025-25723 was published Mar 1, 2025

The account file upload functionality in Syspass 3.2.x fails to properly handle special...
Unknown | Unreviewed | CVE-2025-25478 was published Mar 1, 2025

ProTip! Advisories are also available from the GraphQL API.