Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,605
Maven
5,000+
npm
4,250
NuGet
757
pip
4,016
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

113,246 advisories

Loading
IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that... High Unreviewed
CVE-2025-34312 was published Oct 28, 2025
IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that... High Unreviewed
CVE-2025-34311 was published Oct 28, 2025
An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions... High Unreviewed
CVE-2025-53855 was published Oct 28, 2025
IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows... High Unreviewed
CVE-2025-34304 was published Oct 28, 2025
A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc.... High Unreviewed
CVE-2025-53814 was published Oct 28, 2025
Command injection vulnerability exists in the “Logging” page of the web-based configuration... High Unreviewed
CVE-2025-1036 was published Oct 28, 2025
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with... High Unreviewed
CVE-2025-1037 was published Oct 28, 2025
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate... High Unreviewed
CVE-2025-1038 was published Oct 28, 2025
microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows... High Unreviewed
CVE-2025-41090 was published Oct 28, 2025
Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected... High Unreviewed
CVE-2025-10151 was published Oct 28, 2025
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways... High Unreviewed
CVE-2025-10150 was published Oct 28, 2025
Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may... High Unreviewed
CVE-2025-62777 was published Oct 28, 2025
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-11735 was published Oct 28, 2025
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side... High Unreviewed
CVE-2025-10145 was published Oct 28, 2025
A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function... High Unreviewed
CVE-2025-12341 was published Oct 28, 2025
Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA... High Unreviewed
CVE-2025-62260 was published Oct 28, 2025
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP... High Unreviewed
CVE-2025-62258 was published Oct 28, 2025
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege... High Unreviewed
CVE-2025-36007 was published Oct 27, 2025
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function... High Unreviewed
CVE-2025-12322 was published Oct 27, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a... High Unreviewed
CVE-2025-55752 was published Oct 27, 2025
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to... High Unreviewed
CVE-2025-27222 was published Oct 27, 2025
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp... High Unreviewed
CVE-2025-27225 was published Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database