GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,890
Erlang: 37
GitHub Actions: 38
Go: 2,546
Maven: 5,000+
npm: 4,217
NuGet: 745
pip: 3,994
Pub: 12
RubyGems: 950
Rust: 1,038
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
297,009 advisories
ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in...
Moderate, Unreviewed. CVE-2025-11449 was published Oct 10, 2025

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in...
Moderate, Unreviewed. CVE-2025-11450 was published Oct 10, 2025

A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown...
Moderate, Unreviewed. CVE-2025-11530 was published Oct 9, 2025

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of...
Moderate, Unreviewed. CVE-2025-11523 was published Oct 9, 2025

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when...
High, Unreviewed. CVE-2025-9900 was published Sep 23, 2025

BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
Critical. CVE-2025-10283 was published for bbot (pip) Oct 9, 2025

BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
Moderate. CVE-2025-10281 was published for bbot (pip) Oct 9, 2025

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Critical. CVE-2025-10284 was published for bbot (pip) Oct 9, 2025

MCPHub's ServerController is vulnerable to Command Injection
Low. CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025

MCPHub has an Improper Authorization vulnerability via its handleSseConnection function
Moderate. CVE-2025-11287 was published for @samanhappy/mcphub (npm) Oct 5, 2025

Amazon.IonDotnet is vulnerable to Denial of Service attacks
High. CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025

A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file ...
Moderate, Unreviewed. CVE-2025-10092 was published Sep 8, 2025

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list...
Moderate, Unreviewed. CVE-2025-60265 was published Oct 9, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
Moderate, Unreviewed. CVE-2025-34232 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments)...
High, Unreviewed. CVE-2025-34208 was published Oct 2, 2025

In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list...
Moderate, Unreviewed. CVE-2025-60267 was published Oct 9, 2025

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an...
Moderate, Unreviewed. CVE-2025-11371 was published Oct 9, 2025

There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing...
High, Unreviewed. CVE-2025-57775 was published Sep 2, 2025

There is an out of bounds write vulnerability due to improper bounds checking resulting in an...
High, Unreviewed. CVE-2025-57778 was published Sep 2, 2025

D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the...
High, Unreviewed. CVE-2025-61577 was published Oct 9, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
High, Unreviewed. CVE-2025-34228 was published Sep 29, 2025

An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart...
Moderate, Unreviewed. CVE-2025-56426 was published Oct 9, 2025

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address...
Moderate, Unreviewed. CVE-2025-60266 was published Oct 9, 2025

There is an out of bounds write vulnerability due to improper bounds checking resulting in an...
High, Unreviewed. CVE-2025-57776 was published Sep 2, 2025

A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the...
Moderate, Unreviewed. CVE-2025-10091 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API.