GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,275
Composer 4,908
Erlang 39
GitHub Actions 38
Go 2,568
Maven 6,036
npm 4,240
NuGet 754
pip 4,004
Pub 12
RubyGems 953
Rust 1,042
Swift 45

Unreviewed advisories

All unreviewed 273,848

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

129,468 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed

CVE-2025-34253 was published Oct 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed

CVE-2025-34255 was published Oct 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed

CVE-2025-34254 was published Oct 16, 2025

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize... Moderate Unreviewed

CVE-2025-60641 was published Oct 16, 2025

A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from... Moderate Unreviewed

CVE-2025-61330 was published Oct 16, 2025

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax... Moderate Unreviewed

CVE-2025-56700 was published Oct 16, 2025

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open... Moderate Unreviewed

CVE-2025-56699 was published Oct 16, 2025

Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26). Moderate Unreviewed

CVE-2025-60639 was published Oct 16, 2025

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting ... Moderate Unreviewed

CVE-2025-34512 was published Oct 16, 2025

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown... Moderate Unreviewed

CVE-2025-11851 was published Oct 16, 2025

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo... Moderate Unreviewed

CVE-2025-11840 was published Oct 16, 2025

Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that... Moderate Unreviewed

CVE-2025-55035 was published Oct 16, 2025

A vulnerability exists in the QuickJS engine's BigInt string conversion logic ... Moderate Unreviewed

CVE-2025-62493 was published Oct 16, 2025

A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS... Moderate Unreviewed

CVE-2025-62492 was published Oct 16, 2025

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object... Moderate Unreviewed

CVE-2025-9559 was published Oct 16, 2025

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of... Moderate Unreviewed

CVE-2025-11839 was published Oct 16, 2025

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php. Moderate Unreviewed

CVE-2025-61540 was published Oct 16, 2025

Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in... Moderate Unreviewed

CVE-2025-61539 was published Oct 16, 2025

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6... Moderate Unreviewed

CVE-2025-36002 was published Oct 16, 2025

A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11... Moderate Unreviewed

CVE-2025-46752 was published Oct 16, 2025

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in... Moderate Unreviewed

CVE-2025-53950 was published Oct 16, 2025

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability ... Moderate Unreviewed

CVE-2025-53951 was published Oct 16, 2025

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to... Moderate Unreviewed

CVE-2025-9955 was published Oct 16, 2025

Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow... Moderate Unreviewed

CVE-2025-54859 was published Oct 16, 2025

Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow... Moderate Unreviewed

CVE-2025-55072 was published Oct 16, 2025

Previous 1…3…400 Next

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

129,468 advisories