Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,874
Erlang
37
GitHub Actions
36
Go
2,520
Maven
5,000+
npm
4,160
NuGet
741
pip
3,961
Pub
12
RubyGems
946
Rust
1,028
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

139 advisories

Loading
Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output... Critical Unreviewed
CVE-2025-8276 was published Sep 16, 2025
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed
CVE-2025-56266 was published Sep 8, 2025
A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center... Critical Unreviewed
CVE-2025-20265 was published Aug 14, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20281 was published Jun 26, 2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed
CVE-2025-20337 was published Jul 16, 2025
An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Critical Unreviewed
CVE-2024-39243 was published Jun 26, 2024
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Critical Unreviewed
CVE-2022-45550 was published Dec 7, 2022
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,... Critical Unreviewed
CVE-2015-7264 was published May 14, 2022
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks... Critical Unreviewed
CVE-2016-4010 was published May 17, 2022
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Critical Unreviewed
CVE-2022-40434 was published Dec 20, 2022
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed
CVE-2025-22978 was published Feb 3, 2025
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed
CVE-2022-31631 was published Feb 13, 2025
Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed
CVE-2023-22527 was published Jan 16, 2024
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed
CVE-2019-2725 was published May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2021-26084 was published May 24, 2022
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed
CVE-2022-26134 was published Jun 4, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed
CVE-2022-3236 was published Sep 25, 2022
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates... Critical Unreviewed
CVE-2023-24540 was published May 11, 2023
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink... Critical Unreviewed
CVE-2024-21797 was published Jan 14, 2025
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000... Critical Unreviewed
CVE-2024-36295 was published Jan 14, 2025
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink... Critical Unreviewed
CVE-2024-34544 was published Jan 14, 2025
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink... Critical Unreviewed
CVE-2024-39604 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39784 was published Jan 14, 2025
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed
CVE-2024-39785 was published Jan 14, 2025
The go command may execute arbitrary code at build time when using cgo. This may occur when... Critical Unreviewed
CVE-2023-29405 was published Jun 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database