GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,360
Erlang: 33
GitHub Actions: 22
Go: 2,127
Maven: 5,000+
npm: 3,793
NuGet: 683
pip: 3,471
Pub: 12
RubyGems: 894
Rust: 894
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
24,580 advisories
A race during concurrent delazification could have led to a use-after-free. This vulnerability...
Critical, Unreviewed. CVE-2025-1012 was published Feb 4, 2025

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6...
Critical, Unreviewed. CVE-2025-1016 was published Feb 4, 2025

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird...
Critical, Unreviewed. CVE-2025-1017 was published Feb 4, 2025

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence...
Critical, Unreviewed. CVE-2025-1020 was published Feb 4, 2025

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to...
Critical, Unreviewed. CVE-2024-9643 was published Feb 4, 2025

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass...
Critical, Unreviewed. CVE-2024-9644 was published Feb 4, 2025

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a...
Critical, Unreviewed. CVE-2025-1010 was published Feb 4, 2025

A bug in WebAssembly code generation could have led to a crash. It may have been possible for an...
Critical, Unreviewed. CVE-2025-1011 was published Feb 4, 2025

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially...
Critical, Unreviewed. CVE-2025-1009 was published Feb 4, 2025

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy...
Critical, Unreviewed. CVE-2025-0890 was published Feb 4, 2025

Improper control of generation of code in the sourcerer extension for Joomla in versions before...
Critical, Unreviewed. CVE-2025-22204 was published Feb 4, 2025

SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.0.x...
Critical, Unreviewed. CVE-2025-25064 was published Feb 3, 2025

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to...
Critical, Unreviewed. CVE-2024-57968 was published Feb 3, 2025

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
Critical, Unreviewed. CVE-2025-22978 was published Feb 3, 2025

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by...
Critical, Unreviewed. CVE-2024-57099 was published Feb 3, 2025

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.
Critical, Unreviewed. CVE-2024-57450 was published Feb 3, 2025

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully...
Critical, Unreviewed. CVE-2024-57098 was published Feb 3, 2025

Memory corruption while parsing the ML IE due to invalid frame content.
Critical, Unreviewed. CVE-2024-45569 was published Feb 3, 2025

Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
Critical. CVE-2025-24370 was published for django-unicorn (pip) Feb 3, 2025

Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for...
Critical, Unreviewed. CVE-2025-24661 was published Feb 3, 2025

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead...
Critical, Unreviewed. CVE-2025-20634 was published Feb 3, 2025

EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation as the...
Critical, Unreviewed. CVE-2024-53356 was published Feb 1, 2025

EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command...
Critical, Unreviewed. CVE-2024-55062 was published Feb 1, 2025

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone...
Critical, Unreviewed. CVE-2024-53584 was published Jan 31, 2025

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on...
Critical, Unreviewed. CVE-2024-47857 was published Jan 31, 2025

ProTip! Advisories are also available from the GraphQL API