GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,464
Erlang: 33
GitHub Actions: 22
Go: 2,163
Maven: 5,000+
npm: 3,821
NuGet: 696
pip: 3,502
Pub: 12
RubyGems: 909
Rust: 904
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
24,817 advisories

graphql allows remote code execution when loading a crafted GraphQL schema
Critical | CVE-2025-27407 was published for graphql (RubyGems) | Mar 12, 2025

Undertow client not checking server identity presented by server certificate in https connections
Critical | CVE-2022-4492 was published for io.undertow:undertow-core (Maven) | Feb 23, 2023

VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of...
Critical | Unreviewed | CVE-2025-25940 was published | Mar 10, 2025

In the case of instances where the SAML SSO authentication is enabled (non-default), session data...
Critical | Unreviewed | CVE-2022-23131 was published | Jan 14, 2022

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
Critical | GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) | Mar 12, 2025

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt
Critical | GHSA-4wf3-5qj9-368v was published for github.com/cosmos/ibc-go (Go) | Mar 12, 2025

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the...
Critical | Unreviewed | CVE-2021-35370 was published | Feb 24, 2023

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Critical | Unreviewed | CVE-2025-1960 was published | Mar 12, 2025

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to...
Critical | Unreviewed | CVE-2024-13872 was published | Mar 12, 2025

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of...
Critical | Unreviewed | CVE-2024-13871 was published | Mar 12, 2025

The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2024-13446 was published | Mar 12, 2025

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement
Critical | GHSA-33cr-m232-xqch was published for github.com/cheqd/cheqd-node (Go) | Mar 11, 2025

Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit...
Critical | Unreviewed | CVE-2025-28915 was published | Mar 11, 2025

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2,...
Critical | Unreviewed | CVE-2023-23531 was published | Feb 27, 2023

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment...
Critical | Unreviewed | CVE-2022-48283 was published | Feb 27, 2023

An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service...
Critical | Unreviewed | CVE-2025-26701 was published | Mar 11, 2025

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are...
Critical | Unreviewed | CVE-2023-42662 was published | Mar 7, 2024

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment...
Critical | Unreviewed | CVE-2022-48284 was published | Feb 27, 2023

IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Critical | CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) | Mar 4, 2025

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1,...
Critical | Unreviewed | CVE-2022-46723 was published | Feb 27, 2023

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication...
Critical | Unreviewed | CVE-2024-54085 was published | Mar 11, 2025

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because...
Critical | Unreviewed | CVE-2023-27372 was published | Feb 28, 2023

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning...
Critical | Unreviewed | CVE-2024-56336 was published | Mar 11, 2025

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),...
Critical | Unreviewed | CVE-2025-27494 was published | Mar 11, 2025

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),...
Critical | Unreviewed | CVE-2025-27493 was published | Mar 11, 2025

ProTip! Advisories are also available from the GraphQL API