GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,808
Composer 5,566
Erlang 49
GitHub Actions 49
Go 3,479
Maven 6,393
npm 5,718
NuGet 886
pip 4,740
Pub 13
RubyGems 1,031
Rust 1,225
Swift 53

Unreviewed advisories

All unreviewed 297,386

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

142 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over... Critical Unreviewed

CVE-2025-32711 was published Jun 11, 2025

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Critical Unreviewed

CVE-2025-22978 was published Feb 3, 2025

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before... Critical Unreviewed

CVE-2024-27708 was published Dec 22, 2025

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via... Critical Unreviewed

CVE-2025-55343 was published Nov 5, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39784 was published Jan 14, 2025

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of... Critical Unreviewed

CVE-2024-39785 was published Jan 14, 2025

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11... Critical Unreviewed

CVE-2022-0582 was published Feb 15, 2022

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed

CVE-2025-20281 was published Jun 26, 2025

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated,... Critical Unreviewed

CVE-2025-20337 was published Jul 16, 2025

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed

CVE-2022-26134 was published Jun 4, 2022

Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data... Critical Unreviewed

CVE-2023-22527 was published Jan 16, 2024

There was a server-side template injection vulnerability in Jira Server and Data Center, in the... Critical Unreviewed

CVE-2019-11581 was published May 24, 2022

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to... Critical Unreviewed

CVE-2022-3236 was published Sep 25, 2022

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists... Critical Unreviewed

CVE-2021-26084 was published May 24, 2022

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:... Critical Unreviewed

CVE-2019-2725 was published May 24, 2022

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16.... Critical Unreviewed

CVE-2022-4364 was published Dec 8, 2022

Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output... Critical Unreviewed

CVE-2025-8276 was published Sep 16, 2025

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute... Critical Unreviewed

CVE-2025-56266 was published Sep 8, 2025

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center... Critical Unreviewed

CVE-2025-20265 was published Aug 14, 2025

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST... Critical Unreviewed

CVE-2024-39243 was published Jun 26, 2024

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Critical Unreviewed

CVE-2022-45550 was published Dec 7, 2022

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes,... Critical Unreviewed

CVE-2015-7264 was published May 14, 2022

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks... Critical Unreviewed

CVE-2016-4010 was published May 17, 2022

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Critical Unreviewed

CVE-2022-40434 was published Dec 20, 2022

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO:... Critical Unreviewed

CVE-2022-31631 was published Feb 13, 2025

Previous1…6 Next

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

142 advisories