GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
273,139 advisories

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An...
Critical | Unreviewed | CVE-2025-46581 was published Oct 14, 2025

An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to...
Moderate | Unreviewed | CVE-2025-41705 was published Oct 14, 2025

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote...
Moderate | Unreviewed | CVE-2025-41707 was published Oct 14, 2025

A low-privileged remote attacker with an account for the Web-based management can change the...
High | Unreviewed | CVE-2025-41699 was published Oct 14, 2025

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the...
High | Unreviewed | CVE-2025-41703 was published Oct 14, 2025

An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific...
Moderate | Unreviewed | CVE-2025-41704 was published Oct 14, 2025

A cleartext transmission of sensitive information vulnerability in the affected products allows...
High | Unreviewed | CVE-2025-41718 was published Oct 14, 2025

The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker...
Moderate | Unreviewed | CVE-2025-41706 was published Oct 14, 2025

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func...
Low | Unreviewed | CVE-2025-11731 was published Oct 14, 2025

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-10732 was published Oct 14, 2025

Improper authentication of library files in the Eaton IPP software installer could lead to...
High | Unreviewed | CVE-2025-59889 was published Oct 14, 2025

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a...
Unknown | Unreviewed | CVE-2025-8594 was published Oct 14, 2025

The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when...
Unknown | Unreviewed | CVE-2025-10357 was published Oct 14, 2025

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by...
Critical | Unreviewed | CVE-2025-42937 was published Oct 14, 2025

SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with...
Moderate | Unreviewed | CVE-2025-42939 was published Oct 14, 2025

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an...
Moderate | Unreviewed | CVE-2025-42902 was published Oct 14, 2025

A vulnerability in SAP Financial Service Claims Management RFC function...
Moderate | Unreviewed | CVE-2025-42903 was published Oct 14, 2025

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript...
Moderate | Unreviewed | CVE-2025-42901 was published Oct 14, 2025

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an...
Low | Unreviewed | CVE-2025-42909 was published Oct 14, 2025

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web...
Moderate | Unreviewed | CVE-2025-42906 was published Oct 14, 2025

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for...
Moderate | Unreviewed | CVE-2025-42908 was published Oct 14, 2025

Due to missing verification of file type or content, SAP Supplier Relationship Management allows...
Critical | Unreviewed | CVE-2025-42910 was published Oct 14, 2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary...
Moderate | Unreviewed | CVE-2025-62390 was published Oct 14, 2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary...
Moderate | Unreviewed | CVE-2025-62392 was published Oct 14, 2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary...
Moderate | Unreviewed | CVE-2025-62385 was published Oct 14, 2025

ProTip! Advisories are also available from the GraphQL API.