GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,778
Maven
5,000+
npm
4,379
NuGet
770
pip
4,150
Pub
12
RubyGems
963
Rust
1,071
Swift
45
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Gitea allows attackers to add attachments with forbidden file extensions
High
CVE-2025-68939
was published
for
code.gitea.io/gitea
(Go)
Dec 26, 2025
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows...
Low
Unreviewed
CVE-2025-4617
was published
Nov 14, 2025
Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9...
Moderate
Unreviewed
CVE-2025-58079
was published
Oct 16, 2025
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the...
High
Unreviewed
CVE-2025-6250
was published
Jul 28, 2025
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a...
Moderate
Unreviewed
CVE-2025-49162
was published
Jun 3, 2025
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a...
Moderate
Unreviewed
CVE-2025-49163
was published
Jun 3, 2025
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke...
Critical
Unreviewed
CVE-2025-48827
was published
May 27, 2025
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing...
Critical
Unreviewed
CVE-2025-48828
was published
May 27, 2025
CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript...
Moderate
Unreviewed
CVE-2025-46654
was published
Apr 26, 2025
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG...
Moderate
Unreviewed
CVE-2025-46655
was published
Apr 26, 2025
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
Critical
CVE-2024-58136
was published
for
yiisoft/yii2
(Composer)
Apr 10, 2025
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM...
Moderate
Unreviewed
CVE-2025-0113
was published
Feb 12, 2025
A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >=...
Critical
Unreviewed
CVE-2023-52952
was published
Oct 8, 2024
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from...
Moderate
Unreviewed
CVE-2024-8311
was published
Sep 12, 2024
In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use...
High
Unreviewed
CVE-2024-3460
was published
May 14, 2024
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading...
High
Unreviewed
CVE-2024-3459
was published
May 14, 2024
A vulnerability in the web-based management interface of Cisco Identity Services Engine could...
Moderate
Unreviewed
CVE-2023-20272
was published
Nov 21, 2023
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system,...
Moderate
Unreviewed
CVE-2023-46176
was published
Nov 3, 2023
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation ...
High
Unreviewed
CVE-2023-5165
was published
Sep 25, 2023
The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe...
High
Unreviewed
CVE-2022-1742
was published
Jun 25, 2022
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1...
Moderate
Unreviewed
CVE-2022-28782
was published
May 4, 2022
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022...
Moderate
Unreviewed
CVE-2022-24932
was published
Mar 11, 2022
ProTip!
Advisories are also available from the
GraphQL API