Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

24,580 advisories

Loading
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and... Critical Unreviewed
CVE-2024-10763 was published Feb 13, 2025
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote... Critical Unreviewed
CVE-2025-0896 was published Feb 13, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0... Critical Unreviewed
CVE-2024-7102 was published Feb 13, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted... Critical Unreviewed
CVE-2024-24402 was published Feb 26, 2024
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the... Critical Unreviewed
CVE-2023-25218 was published Apr 7, 2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the... Critical Unreviewed
CVE-2023-25220 was published Apr 7, 2023
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston... Critical Unreviewed
CVE-2023-45318 was published Feb 20, 2024
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Critical
GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025
ChALkeR
Inefficient Regular Expression Complexity in koa Critical
CVE-2025-25200 was published for koa (npm) Feb 12, 2025
R4356th
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract... Critical Unreviewed
CVE-2024-32838 was published Feb 12, 2025
An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code... Critical Unreviewed
CVE-2024-25249 was published Feb 21, 2024
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This... Critical Unreviewed
CVE-2023-27720 was published Apr 9, 2023
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before... Critical Unreviewed
CVE-2023-29475 was published Apr 7, 2023
webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before... Critical Unreviewed
CVE-2023-29473 was published Apr 7, 2023
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before... Critical Unreviewed
CVE-2023-29474 was published Apr 7, 2023
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not... Critical Unreviewed
CVE-2023-24538 was published Apr 6, 2023
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free... Critical Unreviewed
CVE-2025-26345 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q... Critical Unreviewed
CVE-2025-26344 was published Feb 12, 2025
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2022-3180 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free... Critical Unreviewed
CVE-2025-26339 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free... Critical Unreviewed
CVE-2025-26347 was published Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database