GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,605
Composer 4,714
Erlang 34
GitHub Actions 28
Go 2,297
Maven 5,575
npm 3,942
NuGet 708
pip 3,711
Pub 12
RubyGems 920
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,644

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

99,710 advisories

Filter by severity

Sort by

Least recently updated

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path... High Unreviewed

CVE-2025-4123 was published May 22, 2025

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This... High Unreviewed

CVE-2025-3884 was published May 22, 2025

eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This... High Unreviewed

CVE-2025-3883 was published May 22, 2025

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution... High Unreviewed

CVE-2025-3882 was published May 22, 2025

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability.... High Unreviewed

CVE-2025-3887 was published May 22, 2025

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This... High Unreviewed

CVE-2025-2759 was published May 22, 2025

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed

CVE-2025-3486 was published May 22, 2025

eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability.... High Unreviewed

CVE-2025-3881 was published May 22, 2025

The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and... High Unreviewed

CVE-2025-34025 was published May 22, 2025

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the... High Unreviewed

CVE-2025-2261 was published May 21, 2025

The component listed above contains a vulnerability that can be exploited by an attacker to... High Unreviewed

CVE-2025-3751 was published May 21, 2025

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable... High Unreviewed

CVE-2025-4803 was published May 21, 2025

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2... High Unreviewed

CVE-2025-1712 was published May 21, 2025

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse... High Unreviewed

CVE-2019-16536 was published May 21, 2025

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed

CVE-2021-25254 was published May 21, 2025

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial... High Unreviewed

CVE-2021-25255 was published May 21, 2025

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track... High Unreviewed

CVE-2025-4416 was published May 21, 2025

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote... High Unreviewed

CVE-2025-20113 was published May 21, 2025

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE)... High Unreviewed

CVE-2025-20152 was published May 21, 2025

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing... High Unreviewed

CVE-2025-27997 was published May 21, 2025

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate... High Unreviewed

CVE-2025-27998 was published May 21, 2025

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient... High Unreviewed

CVE-2024-56429 was published May 21, 2025

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks... High Unreviewed

CVE-2025-40775 was published May 21, 2025

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently... High Unreviewed

CVE-2025-1416 was published May 21, 2025

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating... High Unreviewed

CVE-2025-48413 was published May 21, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

99,710 advisories