GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 40
  GitHub Actions: 38
  Go: 2,880
  Maven: 5,000+
  npm: 4,518
  NuGet: 784
  pip: 4,260
  Pub: 12
  RubyGems: 975
  Rust: 1,105
  Swift: 49
Unreviewed advisories
  All unreviewed: 5,000+
117,980 advisories
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to...
  High | Unreviewed | CVE-2020-37008 was published Jan 29, 2026
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to...
  High | Unreviewed | CVE-2020-37002 was published Jan 29, 2026
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that...
  High | Unreviewed | CVE-2020-37015 was published Jan 29, 2026
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote...
  High | Unreviewed | CVE-2020-37000 was published Jan 29, 2026
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access...
  High | Unreviewed | CVE-2020-36999 was published Jan 29, 2026
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to...
  High | Unreviewed | CVE-2020-37016 was published Jan 29, 2026
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows...
  High | Unreviewed | CVE-2020-37004 was published Jan 29, 2026
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to...
  High | Unreviewed | CVE-2020-37020 was published Jan 29, 2026
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to...
  High | Unreviewed | CVE-2020-37017 was published Jan 29, 2026
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that...
  High | Unreviewed | CVE-2020-37005 was published Jan 29, 2026
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that...
  High | Unreviewed | CVE-2020-37009 was published Jan 29, 2026
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords...
  High | Unreviewed | CVE-2020-37010 was published Jan 29, 2026
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File...
  High | Unreviewed | CVE-2020-37001 was published Jan 29, 2026
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the...
  High | Unreviewed | CVE-2020-36997 was published Jan 29, 2026
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows...
  High | Unreviewed | CVE-2020-37006 was published Jan 29, 2026
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and...
  High | Unreviewed | CVE-2020-37013 was published Jan 29, 2026
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to...
  High | Unreviewed | CVE-2020-37011 was published Jan 29, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
  High | Unreviewed | CVE-2025-7713 was published Jan 29, 2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
  High | Unreviewed | CVE-2025-7714 was published Jan 29, 2026
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple...
  High | Unreviewed | CVE-2020-37021 was published Jan 29, 2026
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management...
  High | Unreviewed | CVE-2026-1616 was published Jan 29, 2026
React Server Components have multiple Denial of Service Vulnerabilities
  High | CVE-2026-23864 was published for react-server-dom-parcel (npm) Jan 29, 2026
Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade...
  High | Unreviewed | CVE-2025-7016 was published Jan 29, 2026
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
  High | GHSA-f72r-2h5j-7639 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
  High | CVE-2026-24769 was published for nocodb (npm) Jan 28, 2026
ProTip! Advisories are also available from the GraphQL API.