Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
Amazon.IonDotnet is vulnerable to Denial of Service attacks High
CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a... Moderate Unreviewed
CVE-2025-36262 was published Sep 30, 2025
github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input Moderate
CVE-2025-10954 was published for github.com/nyaruka/phonenumbers (Go) Sep 27, 2025
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an... Moderate Unreviewed
CVE-2025-25007 was published Aug 12, 2025
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability High
CVE-2025-22868 was published for golang.org/x/oauth2 (Go) Jul 18, 2025
An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can... High Unreviewed
CVE-2024-51983 was published Jun 26, 2025
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language ... High Unreviewed
CVE-2024-51982 was published Jun 26, 2025
Denial of service due to improper handling of malformed input. The following products are... High Unreviewed
CVE-2025-30415 was published Jun 4, 2025
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS... Moderate Unreviewed
CVE-2025-24347 was published Apr 30, 2025
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS... Moderate Unreviewed
CVE-2025-24348 was published Apr 30, 2025
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote... Moderate Unreviewed
CVE-2025-24345 was published Apr 30, 2025
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote... High Unreviewed
CVE-2025-24346 was published Apr 30, 2025
Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. Moderate Unreviewed
CVE-2025-46419 was published Apr 24, 2025
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability High
GHSA-3wqc-mwfx-672p was published for github.com/traefik/traefik/v2 (Go) Apr 18, 2025
adregbr
Credited to adregbr
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11... Moderate Unreviewed
CVE-2024-52362 was published Mar 12, 2025
Improper Validation of Syntactic Correctness of Input vulnerability in Finder Fire Safety Finder... High Unreviewed
CVE-2024-12146 was published Mar 6, 2025
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead... High Unreviewed
CVE-2025-20644 was published Mar 3, 2025
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0) ... High Unreviewed
CVE-2025-24812 was published Feb 11, 2025
The initial code parsing the manifest did not check the content of the file names yet later code... High Unreviewed
CVE-2025-0638 was published Jan 22, 2025
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API... Moderate Unreviewed
CVE-2024-8772 was published Nov 26, 2024
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi... Low Unreviewed
CVE-2024-8160 was published Nov 26, 2024
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the... High Unreviewed
CVE-2024-10396 was published Nov 14, 2024
Eclipse Jetty URI parsing of invalid authority Moderate
CVE-2024-6763 was published for org.eclipse.jetty:jetty-http (Maven) Oct 14, 2024
zer0yu
Credited to zer0yu
Denial of Service in TYPO3 Bookmark Toolbar Low
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader bnf
Eichner
Credited to ohader, bnf, and Eichner
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API... Moderate Unreviewed
CVE-2024-6173 was published Sep 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database