Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

139,842 advisories

Loading
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to... Moderate Unreviewed
CVE-2025-41705 was published Oct 14, 2025
The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote... Moderate Unreviewed
CVE-2025-41707 was published Oct 14, 2025
An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific... Moderate Unreviewed
CVE-2025-41704 was published Oct 14, 2025
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker... Moderate Unreviewed
CVE-2025-41706 was published Oct 14, 2025
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-10732 was published Oct 14, 2025
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with... Moderate Unreviewed
CVE-2025-42939 was published Oct 14, 2025
Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an... Moderate Unreviewed
CVE-2025-42902 was published Oct 14, 2025
A vulnerability in SAP Financial Service Claims Management RFC function... Moderate Unreviewed
CVE-2025-42903 was published Oct 14, 2025
SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript... Moderate Unreviewed
CVE-2025-42901 was published Oct 14, 2025
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web... Moderate Unreviewed
CVE-2025-42906 was published Oct 14, 2025
Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for... Moderate Unreviewed
CVE-2025-42908 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62390 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62392 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62385 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62383 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62386 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62384 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62388 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62389 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62391 was published Oct 14, 2025
Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0... Moderate Unreviewed
CVE-2025-62251 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-62387 was published Oct 14, 2025
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary... Moderate Unreviewed
CVE-2025-11623 was published Oct 14, 2025
LibreNMS is vulnerable to Reflected-XSS in `report_this` function Moderate
CVE-2025-62365 was published for librenms/librenms (Composer) Oct 13, 2025
GatekeeperBuster
Credited to GatekeeperBuster
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown... Moderate Unreviewed
CVE-2025-9721 was published Oct 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database