GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
273,848 advisories
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote...
Critical | Unreviewed | CVE-2025-62645 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the...
Moderate | Unreviewed | CVE-2025-62647 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate | Unreviewed | CVE-2025-62648 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits...
Low | Unreviewed | CVE-2025-62643 was published Oct 17, 2025
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the...
Moderate | Unreviewed | CVE-2025-34282 was published Oct 17, 2025
ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the...
Moderate | Unreviewed | CVE-2025-34281 was published Oct 17, 2025
A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The...
Moderate | Unreviewed | CVE-2025-11909 was published Oct 17, 2025
A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The...
Moderate | Unreviewed | CVE-2025-11908 was published Oct 17, 2025
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder...
Moderate | Unreviewed | CVE-2025-60514 was published Oct 17, 2025
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP...
Critical | Unreviewed | CVE-2025-8414 was published Oct 17, 2025
A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5...
Critical | Unreviewed | CVE-2025-60279 was published Oct 17, 2025
A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read...
Critical | Unreviewed | CVE-2025-62353 was published Oct 17, 2025
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically...
Critical | Unreviewed | CVE-2025-57567 was published Oct 17, 2025
A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to...
High | Unreviewed | CVE-2025-62356 was published Oct 17, 2025
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the...
Moderate | Unreviewed | CVE-2025-11905 was published Oct 17, 2025
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function...
Moderate | Unreviewed | CVE-2025-11904 was published Oct 17, 2025
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function...
Moderate | Unreviewed | CVE-2025-11903 was published Oct 17, 2025
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
Low | Unreviewed | CVE-2025-60361 was published Oct 17, 2025
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
Low | Unreviewed | CVE-2025-60360 was published Oct 17, 2025
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2025-11902 was published Oct 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-48087 was published Oct 17, 2025
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
Moderate | Unreviewed | CVE-2025-60359 was published Oct 17, 2025
The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in...
Moderate | Unreviewed | CVE-2025-11895 was published Oct 17, 2025
Some versions of Hikvision's iSecure Center Product have an improper file upload control...
Critical | Unreviewed | CVE-2023-28814 was published Oct 17, 2025
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation,...
Critical | Unreviewed | CVE-2023-28815 was published Oct 17, 2025
ProTip! Advisories are also available from the GraphQL API.