Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

273,869 advisories

Loading
Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing... High Unreviewed
CVE-2025-11898 was published Oct 17, 2025
An Incorrect Authorization vulnerability has been identified in Moxa’s network security... High Unreviewed
CVE-2025-6892 was published Oct 17, 2025
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Moderate Unreviewed
CVE-2025-6894 was published Oct 17, 2025
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network... Critical Unreviewed
CVE-2025-6893 was published Oct 17, 2025
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to... Low Unreviewed
CVE-2025-11896 was published Oct 17, 2025
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations. High Unreviewed
CVE-2025-60358 was published Oct 16, 2025
Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update... Moderate Unreviewed
CVE-2025-60855 was published Oct 16, 2025
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05... High Unreviewed
CVE-2025-61553 was published Oct 16, 2025
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20)... Moderate Unreviewed
CVE-2025-61554 was published Oct 16, 2025
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows... Moderate Unreviewed
CVE-2025-61514 was published Oct 16, 2025
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could... Moderate Unreviewed
CVE-2024-42192 was published Oct 16, 2025
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the... Moderate Unreviewed
CVE-2025-11864 was published Oct 16, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34253 was published Oct 16, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed
CVE-2025-34255 was published Oct 16, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed
CVE-2025-34254 was published Oct 16, 2025
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from... High Unreviewed
CVE-2025-11493 was published Oct 16, 2025
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of... Critical Unreviewed
CVE-2025-11492 was published Oct 16, 2025
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of... Moderate Unreviewed
CVE-2025-11853 was published Oct 16, 2025
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-11852 was published Oct 16, 2025
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize... Moderate Unreviewed
CVE-2025-60641 was published Oct 16, 2025
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from... Moderate Unreviewed
CVE-2025-61330 was published Oct 16, 2025
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password.... High Unreviewed
CVE-2025-62586 was published Oct 16, 2025
Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax... Moderate Unreviewed
CVE-2025-56700 was published Oct 16, 2025
SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open... Moderate Unreviewed
CVE-2025-56699 was published Oct 16, 2025
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26). Moderate Unreviewed
CVE-2025-60639 was published Oct 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database