Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

25,409 advisories

Loading
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization,... Critical Unreviewed
CVE-2025-31324 was published Apr 24, 2025
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code... Critical Unreviewed
CVE-2021-3942 was published Dec 12, 2022
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated... Critical Unreviewed
CVE-2022-45276 was published Nov 23, 2022
iTerm2 before 3.4.18 mishandles a DECRQSS response. Critical Unreviewed
CVE-2022-45872 was published Nov 24, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter... Critical Unreviewed
CVE-2022-44250 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter... Critical Unreviewed
CVE-2022-44249 was published Nov 23, 2022
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter... Critical Unreviewed
CVE-2022-44252 was published Nov 23, 2022
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid... Critical Unreviewed
CVE-2024-56431 was published Dec 25, 2024
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in... Critical Unreviewed
CVE-2022-44251 was published Nov 23, 2022
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version... Critical Unreviewed
CVE-2022-44808 was published Nov 22, 2022
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform... Critical Unreviewed
CVE-2022-36784 was published Jul 6, 2023
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution... Critical Unreviewed
CVE-2022-44038 was published Nov 29, 2022
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low... Critical Unreviewed
CVE-2022-37720 was published Nov 25, 2022
Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket... Critical Unreviewed
CVE-2025-25775 was published Apr 25, 2025
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via... Critical Unreviewed
CVE-2022-42109 was published Nov 29, 2022
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500... Critical Unreviewed
CVE-2022-36133 was published Nov 25, 2022
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
owncast is vulnerable to SQL Injection Critical
CVE-2022-3751 was published for github.com/owncast/owncast (Go) Nov 29, 2022
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with... Critical Unreviewed
CVE-2025-43946 was published Apr 22, 2025
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job... Critical Unreviewed
CVE-2025-2470 was published Apr 25, 2025
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE)... Critical Unreviewed
CVE-2025-46616 was published Apr 25, 2025
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain... Critical Unreviewed
CVE-2025-46273 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read,... Critical Unreviewed
CVE-2025-46274 was published Apr 25, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an... Critical Unreviewed
CVE-2025-46272 was published Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database