Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Memory corruption while processing request sent from GVM. High Unreviewed
CVE-2025-47353 was published Nov 4, 2025
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying... Critical Unreviewed
CVE-2025-53964 was published Jul 17, 2025
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an... High Unreviewed
CVE-2025-37097 was published Jul 1, 2025
filebrowser Allows Shell Commands to Spawn Other Commands High
CVE-2025-52903 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information... Moderate Unreviewed
CVE-2025-5823 was published Jun 26, 2025
WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability.... High Unreviewed
CVE-2025-5748 was published Jun 6, 2025
webpack-dev-server users' source code may be stolen when they access a malicious web site Moderate
CVE-2025-30359 was published for webpack-dev-server (npm) Jun 4, 2025
sapphi-red
Credited to sapphi-red
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted ... Moderate Unreviewed
CVE-2025-48415 was published May 21, 2025
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not... Moderate Unreviewed
CVE-2025-43003 was published May 13, 2025
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Low Unreviewed
CVE-2025-43955 was published Apr 20, 2025
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to ... High Unreviewed
CVE-2025-3698 was published Apr 16, 2025
Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized... Moderate Unreviewed
CVE-2025-26651 was published Apr 8, 2025
Cryptographic issues while generating an asymmetric key pair for RKP use cases. High Unreviewed
CVE-2024-43065 was published Apr 7, 2025
H2O Vulnerable to Execution of Arbitrary Files Moderate
CVE-2024-6863 was published for ai.h2o:h2o-core (Maven) Mar 20, 2025
Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating... High Unreviewed
CVE-2024-12651 was published Feb 14, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red
Credited to sapphi-red
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
Credited to SteakEnthusiast
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape High
GHSA-vp47-9734-prjw was published for asteval (pip) Jan 23, 2025
SteakEnthusiast
Credited to SteakEnthusiast
TYPO3 DB Check Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55945 was published for typo3/cms-lowlevel (Composer) Jan 14, 2025
shm0sby rosegabe
Credited to shm0sby and rosegabe
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
shm0sby rosegabe
Credited to shm0sby and rosegabe
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55921 was published for typo3/cms-extensionmanager (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Backend User Module Moderate
CVE-2024-55894 was published for typo3/cms-beuser (Composer) Jan 14, 2025
zly123987 shm0sby
rosegabe
Credited to zly123987, shm0sby, and rosegabe
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database