GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
358 advisories
An unauthenticated remote attacker may be able to control the format string of messages processed...
High | Unreviewed | CVE-2026-3509 was published Mar 24, 2026

Ruby JSON has a format string injection vulnerability
High | CVE-2026-33210 was published for json (RubyGems) Mar 19, 2026

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0...
High | Unreviewed | CVE-2025-68648 was published Mar 10, 2026

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a...
Moderate | Unreviewed | CVE-2026-0400 was published Feb 24, 2026

A use of externally-controlled format string vulnerability has been reported to affect Qsync...
Low | Unreviewed | CVE-2025-30269 was published Feb 11, 2026

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6...
Moderate | Unreviewed | CVE-2025-64157 was published Feb 10, 2026

HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in...
Low | Unreviewed | CVE-2026-21640 was published Jan 20, 2026

n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Moderate | CVE-2025-68949 was published for n8n (npm) Jan 13, 2026

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string...
Moderate | Unreviewed | CVE-2026-22190 was published Jan 7, 2026

A use of externally-controlled format string vulnerability has been reported to affect several...
Low | Unreviewed | CVE-2025-53591 was published Jan 2, 2026

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows...
Critical | Unreviewed | CVE-2023-53966 was published Dec 23, 2025

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1...
Low | Unreviewed | CVE-2025-52666 was published Nov 20, 2025

A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1...
High | Unreviewed | CVE-2025-48826 was published Oct 7, 2025

A use of externally-controlled format string vulnerability has been reported to affect several...
Moderate | Unreviewed | CVE-2025-52429 was published Oct 3, 2025

A use of externally-controlled format string vulnerability has been reported to affect several...
Moderate | Unreviewed | CVE-2025-53406 was published Oct 3, 2025

A use of externally-controlled format string vulnerability has been reported to affect several...
Moderate | Unreviewed | CVE-2025-53407 was published Oct 3, 2025

A use of externally-controlled format string vulnerability has been reported to affect several...
Moderate | Unreviewed | CVE-2025-48730 was published Oct 3, 2025

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute...
High | Unreviewed | CVE-2025-36202 was published Sep 22, 2025

ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution
High | CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025

Solar FTP Server fails to properly handle format strings passed to the USER command. When a...
High | Unreviewed | CVE-2011-10029 was published Aug 20, 2025

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of...
Critical | Unreviewed | CVE-2012-10055 was published Aug 13, 2025

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows...
Critical | Unreviewed | CVE-2025-40600 was published Jul 30, 2025

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139...
High | Unreviewed | CVE-2025-46123 was published Jul 21, 2025

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139...
High | Unreviewed | CVE-2025-46121 was published Jul 21, 2025

A use of externally-controlled format string vulnerability has been reported to affect Qsync...
Low | Unreviewed | CVE-2025-22482 was published Jun 6, 2025