Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

30,740 advisories

Loading
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the... Critical Unreviewed
CVE-2025-22916 was published Jan 16, 2025
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the... Critical Unreviewed
CVE-2025-22913 was published Jan 16, 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57013 was published Jan 15, 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57016 was published Jan 15, 2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName... Critical Unreviewed
CVE-2025-22906 was published Jan 16, 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57012 was published Jan 15, 2025
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection... Critical Unreviewed
CVE-2024-57014 was published Jan 15, 2025
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the... Critical Unreviewed
CVE-2025-22907 was published Jan 16, 2025
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above.... Critical Unreviewed
CVE-2025-0471 was published Jan 16, 2025
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-0456 was published Jan 16, 2025
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing... Critical Unreviewed
CVE-2025-0455 was published Jan 16, 2025
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir Credited to Muhammad-Qasim-Munir
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL... Critical Unreviewed
CVE-2024-4434 was published May 14, 2024
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which... Critical Unreviewed
CVE-2016-4303 was published May 13, 2022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-22785 was published Jan 15, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List... Critical Unreviewed
CVE-2025-22782 was published Jan 15, 2025
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username... Critical Unreviewed
CVE-2021-44092 was published Jan 21, 2022
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9636 was published Jan 15, 2025
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
Rasa Allows Remote Code Execution via Remote Model Loading Critical
CVE-2024-49375 was published for rasa (pip) Jan 14, 2025
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was... Critical Unreviewed
CVE-2024-56828 was published Jan 6, 2025
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43927 was published Feb 8, 2022
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager ... Critical Unreviewed
CVE-2021-27649 was published May 24, 2022
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM... Critical Unreviewed
CVE-2021-27647 was published May 24, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43926 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database