Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Microsoft Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local... Moderate Unreviewed
CVE-2018-25239 was published Apr 4, 2026
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate... Moderate Unreviewed
CVE-2026-23923 was published Mar 24, 2026
Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior High
CVE-2026-33157 was published for craftcms/cms (Composer) Mar 24, 2026
yuma4869 Credited to yuma4869
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController High
CVE-2026-32264 was published for craftcms/cms (Composer) Mar 16, 2026
Craft CMS vulnerable to behavior injection RCE via EntryTypesController High
CVE-2026-32263 was published for craftcms/cms (Composer) Mar 16, 2026
q1uf3ng Credited to q1uf3ng
Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware High
GHSA-cwxj-rr6w-m6w7 was published for Scrapy (pip) Mar 13, 2026
Tomer-PL Credited to Tomer-PL
Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior High
CVE-2026-25498 was published for craftcms/cms (Composer) Feb 9, 2026
RajChowdhury240 Credited to RajChowdhury240 and rlarabee rlarabee rlarabee
Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior High
CVE-2025-68455 was published for craftcms/cms (Composer) Jan 5, 2026
chutchut Credited to chutchut
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does... Critical Unreviewed
CVE-2025-34393 was published Dec 10, 2025
AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
GHSA-8wj8-cfxr-9374 was published for aws-advanced-nodejs-wrapper (npm) Nov 13, 2025
AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance High
GHSA-7wq2-32h4-9hc9 was published for github.com/aws/aws-advanced-go-wrapper/awssql (Go) Nov 13, 2025
Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
GHSA-7xw4-g7mm-r4hh was published for software.amazon.jdbc:aws-advanced-jdbc-wrapper (Maven) Nov 13, 2025
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance High
CVE-2025-12967 was published for aws_advanced_python_wrapper (pip) Nov 13, 2025
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz... Critical Unreviewed
CVE-2025-63690 was published Nov 7, 2025
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet Credited to Chisnet
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Critical Unreviewed
CVE-2025-53693 was published Sep 3, 2025
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection... High Unreviewed
CVE-2025-3600 was published May 14, 2025
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework High
CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) Apr 4, 2025
OmarHawk Credited to OmarHawk
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to... High Unreviewed
CVE-2025-2794 was published Mar 31, 2025
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the... High Unreviewed
CVE-2024-7059 was published Nov 5, 2024
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code... Critical Unreviewed
CVE-2024-8015 was published Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8048 was published Oct 9, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is... High Unreviewed
CVE-2024-8014 was published Oct 9, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is... High Unreviewed
CVE-2024-6096 was published Jul 24, 2024
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability... Moderate Unreviewed
CVE-2024-1574 was published Jul 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database