GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,556
Maven: 5,000+
npm: 4,228
NuGet: 747
pip: 4,000
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23,684 advisories
Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory...
Critical
Unreviewed
CVE-2025-11721 was published Oct 14, 2025
When switching between Android apps using the card carousel Firefox shows a black screen as its...
Critical
Unreviewed
CVE-2025-11717 was published Oct 14, 2025
A compromised web process was able to trigger out of bounds reads and writes in a more privileged...
Critical
Unreviewed
CVE-2025-11709 was published Oct 14, 2025
A compromised web process using malicious IPC messages could have caused the privileged browser...
Critical
Unreviewed
CVE-2025-11710 was published Oct 14, 2025
Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144,...
Critical
Unreviewed
CVE-2025-11708 was published Oct 14, 2025
Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could...
Critical
Unreviewed
CVE-2025-11719 was published Oct 14, 2025
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,...
Critical
Unreviewed
CVE-2024-9095 was published Mar 20, 2025
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an...
Critical
Unreviewed
CVE-2024-8581 was published Mar 20, 2025
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST ...
Critical
Unreviewed
CVE-2024-8999 was published Mar 20, 2025
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote...
Critical
Unreviewed
CVE-2024-10131 was published Oct 19, 2024
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to...
Critical
Unreviewed
CVE-2024-7475 was published Oct 29, 2024
An improper access control vulnerability exists in the mintplex-labs/anything-llm application,...
Critical
Unreviewed
CVE-2024-3279 was published Aug 12, 2024
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web...
Critical
Unreviewed
CVE-2024-5827 was published Jun 29, 2024
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability...
Critical
Unreviewed
CVE-2024-3502 was published Nov 14, 2024
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16....
Critical
Unreviewed
CVE-2022-4364 was published Dec 8, 2022
The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all...
Critical
Unreviewed
CVE-2025-10294 was published Oct 15, 2025
The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via...
Critical
Unreviewed
CVE-2025-9967 was published Oct 15, 2025
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to...
Critical
Unreviewed
CVE-2025-10041 was published Oct 15, 2025
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious...
Critical
Unreviewed
CVE-2018-25117 was published Oct 15, 2025
DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in...
Critical
Unreviewed
CVE-2017-20204 was published Oct 15, 2025
Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer...
Critical
Unreviewed
CVE-2017-20205 was published Oct 15, 2025
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human...
Critical
Unreviewed
CVE-2011-10033 was published Oct 15, 2025
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the ...
Critical
Unreviewed
CVE-2023-7311 was published Oct 15, 2025
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet...
Critical
Unreviewed
CVE-2023-7305 was published Oct 15, 2025
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the ...
Critical
Unreviewed
CVE-2023-7304 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API.