GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
125,465 advisories
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on...
High | Unreviewed | CVE-2025-7398 was published Jul 18, 2025

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to...
High | Unreviewed | CVE-2025-6391 was published Jul 18, 2025

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability...
High | Unreviewed | CVE-2024-4147 was published Feb 2, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2024-54263 was published Feb 2, 2026

Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access...
High | Unreviewed | CVE-2025-46691 was published Jan 28, 2026

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege...
High | Unreviewed | CVE-2026-25201 was published Feb 2, 2026

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business...
High | Unreviewed | CVE-2025-13348 was published Feb 2, 2026

pyasn1 has a DoS vulnerability in decoder
High | CVE-2026-23490 was published for pyasn1 (pip) Jan 16, 2026

Salt Authentication Protocol Version Downgrade Allows Minion Impersonation
High | CVE-2025-62349 was published for salt (pip) Jan 30, 2026

Salt junos Module Vulnerable to Code Injection via Specially Crafted YAML Payload
High | CVE-2025-62348 was published for salt (pip) Jan 30, 2026

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to...
High | Unreviewed | CVE-2021-47918 was published Feb 1, 2026

Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the...
High | Unreviewed | CVE-2020-37047 was published Feb 1, 2026

BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers...
High | Unreviewed | CVE-2020-37061 was published Feb 1, 2026

DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to...
High | Unreviewed | CVE-2020-37062 was published Feb 1, 2026

TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers...
High | Unreviewed | CVE-2020-37063 was published Feb 1, 2026

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to...
High | Unreviewed | CVE-2021-47916 was published Feb 1, 2026

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows...
High | Unreviewed | CVE-2021-47921 was published Feb 1, 2026

SpyHunter 4 contains an unquoted service path vulnerability that allows local users to...
High | Unreviewed | CVE-2020-37055 was published Feb 1, 2026

EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the...
High | Unreviewed | CVE-2020-37064 was published Feb 1, 2026

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability...
High | Unreviewed | CVE-2020-37048 was published Feb 1, 2026

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module...
High | Unreviewed | CVE-2021-47915 was published Feb 1, 2026

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer,...
High | Unreviewed | CVE-2021-47909 was published Feb 1, 2026

Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET...
High | Unreviewed | CVE-2020-37045 was published Feb 1, 2026

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local...
High | Unreviewed | CVE-2020-37037 was published Feb 1, 2026

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to...
High | Unreviewed | CVE-2022-50950 was published Feb 1, 2026

ProTip! Advisories are also available from the GraphQL API.