GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
246,045 advisories
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass...
High | Unreviewed | CVE-2025-23119 was published Mar 1, 2025

An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge...
Critical | Unreviewed | CVE-2025-23116 was published Mar 1, 2025

A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE)...
Critical | Unreviewed | CVE-2025-23115 was published Mar 1, 2025

An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious...
Unknown | Unreviewed | CVE-2025-23117 was published Mar 1, 2025

An Improper Certificate Validation vulnerability could allow an authenticated malicious actor...
Moderate | Unreviewed | CVE-2025-23118 was published Mar 1, 2025

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with...
Unknown | Unreviewed | CVE-2025-25476 was published Mar 1, 2025

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute...
Unknown | Unreviewed | CVE-2025-25379 was published Mar 1, 2025

Buffer Overflow vulnerability in GPAC version 2.5 allows a local attacker to execute arbitrary code.
Unknown | Unreviewed | CVE-2025-25723 was published Mar 1, 2025

The account file upload functionality in Syspass 3.2.x fails to properly handle special...
Unknown | Unreviewed | CVE-2025-25478 was published Mar 1, 2025

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong...
Moderate | Unreviewed | CVE-2025-26466 was published Mar 1, 2025

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is...
High | Unreviewed | CVE-2024-1509 was published Mar 1, 2025

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
Unknown | Unreviewed | CVE-2025-25635 was published Feb 28, 2025

PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable....
Moderate | Unreviewed | CVE-2025-0769 was published Feb 28, 2025

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
Unknown | Unreviewed | CVE-2025-25610 was published Feb 28, 2025

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2...
Critical | Unreviewed | CVE-2025-0159 was published Feb 28, 2025

TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc...
Unknown | Unreviewed | CVE-2025-25428 was published Feb 28, 2025

During an address list folding when a separating comma ends up on a folded line and that line is...
Low | Unreviewed | CVE-2025-1795 was published Feb 28, 2025

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2...
High | Unreviewed | CVE-2025-0160 was published Feb 28, 2025

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability...
Unknown | Unreviewed | CVE-2025-25609 was published Feb 28, 2025

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the...
Moderate | Unreviewed | CVE-2025-25429 was published Feb 28, 2025

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the...
Unknown | Unreviewed | CVE-2025-25431 was published Feb 28, 2025

Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the...
Unknown | Unreviewed | CVE-2025-25430 was published Feb 28, 2025

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data...
High | Unreviewed | CVE-2025-24849 was published Feb 28, 2025

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of...
Moderate | Unreviewed | CVE-2024-54175 was published Feb 28, 2025

A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin...
Moderate | Unreviewed | CVE-2025-25461 was published Feb 28, 2025

ProTip! Advisories are also available from the GraphQL API.