Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

24,312 advisories

Loading
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57016 was published Jan 15, 2025
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the... Critical Unreviewed
CVE-2025-22907 was published Jan 16, 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57014 was published Jan 15, 2025
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above.... Critical Unreviewed
CVE-2025-0471 was published Jan 16, 2025
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-0455 was published Jan 16, 2025
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-0456 was published Jan 16, 2025
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
GHSA-mm6v-68qp-f9fw was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu adam-vessey
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL... Critical Unreviewed
CVE-2024-4434 was published May 14, 2024
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which... Critical Unreviewed
CVE-2016-4303 was published May 13, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-22785 was published Jan 15, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List... Critical Unreviewed
CVE-2025-22782 was published Jan 15, 2025
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username... Critical Unreviewed
CVE-2021-44092 was published Jan 21, 2022
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper... Critical Unreviewed
CVE-2024-12084 was published Jan 15, 2025
Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable... Critical Unreviewed
CVE-2024-12297 was published Jan 15, 2025
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9636 was published Jan 15, 2025
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was... Critical Unreviewed
CVE-2024-56828 was published Jan 6, 2025
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM... Critical Unreviewed
CVE-2021-27647 was published May 24, 2022
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager ... Critical Unreviewed
CVE-2021-27649 was published May 24, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43927 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43926 was published Feb 8, 2022
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ... Critical Unreviewed
CVE-2020-27648 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database