GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,757
Maven: 5,000+
npm: 4,363
NuGet: 766
pip: 4,128
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,783 advisories
An input neutralization vulnerability in the Webhook Template component of Crafty Controller...
Critical, Unreviewed. CVE-2025-14700 was published Dec 17, 2025

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an...
Critical, Unreviewed. CVE-2025-63414 was published Dec 16, 2025

NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this...
Critical, Unreviewed. CVE-2025-33210 was published Dec 16, 2025

A remote code execution issue exists in HPE OneView.
Critical, Unreviewed. CVE-2025-37164 was published Dec 16, 2025

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused...
Critical, Unreviewed. CVE-2025-46295 was published Dec 16, 2025

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers...
Critical, Unreviewed. CVE-2023-53895 was published Dec 16, 2025

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by...
Critical, Unreviewed. CVE-2023-53894 was published Dec 16, 2025

Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig...
Critical, Unreviewed. CVE-2025-66131 was published Dec 16, 2025

LikeC4 has RCE through vulnerable React and Next.js versions
Critical. GHSA-vr6p-vq2p-6j74 was published for likec4 (npm) Dec 15, 2025

TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u...
Critical, Unreviewed. CVE-2025-55895 was published Dec 15, 2025

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows...
Critical, Unreviewed. CVE-2023-53872 was published Dec 15, 2025

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that...
Critical, Unreviewed. CVE-2023-53877 was published Dec 15, 2025

ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers...
Critical, Unreviewed. CVE-2023-53881 was published Dec 15, 2025

MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in...
Critical, Unreviewed. CVE-2025-65213 was published Dec 15, 2025

An issue was discovered in Frappe ERPNext through 15.89.0. Function...
Critical, Unreviewed. CVE-2025-66439 was published Dec 15, 2025

An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text...
Critical, Unreviewed. CVE-2025-66434 was published Dec 15, 2025

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89...
Critical, Unreviewed. CVE-2025-66438 was published Dec 15, 2025

An issue was discovered in Frappe ERPNext through 15.89.0. Function...
Critical, Unreviewed. CVE-2025-66440 was published Dec 15, 2025

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig...
Critical, Unreviewed. CVE-2025-66844 was published Dec 15, 2025

OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources
Critical. CVE-2025-13888 was published for github.com/redhat-developer/gitops-operator (Go) Dec 15, 2025

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in...
Critical, Unreviewed. CVE-2025-14156 was published Dec 15, 2025

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X....
Critical, Unreviewed. CVE-2025-36751 was published Dec 13, 2025

Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented...
Critical, Unreviewed. CVE-2025-36752 was published Dec 13, 2025

The authentication mechanism on web interface is not properly implemented. It is possible to...
Critical, Unreviewed. CVE-2025-36754 was published Dec 13, 2025

ShineLan-X contains a set of credentials for an FTP server was found within the firmware,...
Critical, Unreviewed. CVE-2025-36747 was published Dec 13, 2025
ProTip! Advisories are also available from the GraphQL API