GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,880
Maven: 5,000+
npm: 4,518
NuGet: 784
pip: 4,260
Pub: 12
RubyGems: 975
Rust: 1,105
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
313,201 advisories
BrowserStack Local vulnerable to Command Injection through logfile variable
Moderate | CVE-2025-57283 was published for browserstack-local (npm) | Jan 28, 2026
Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Critical | GHSA-vg9h-jx4v-cwx2 was published for dfir-unfurl (pip) | Jan 29, 2026
Unfurl's unbounded zlib decompression allows decompression bomb DoS
Moderate | GHSA-h5qv-qjv4-pc5m was published for dfir-unfurl (pip) | Jan 29, 2026
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...
Critical | Unreviewed | CVE-2025-15467 was published | Jan 27, 2026
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Moderate | Unreviewed | CVE-2025-15469 was published | Jan 27, 2026
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial...
Moderate | Unreviewed | CVE-2025-28162 was published | Jan 27, 2026
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client...
Moderate | Unreviewed | CVE-2025-15468 was published | Jan 27, 2026
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this...
Moderate | Unreviewed | CVE-2026-1593 was published | Jan 29, 2026
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to...
High | Unreviewed | CVE-2020-37008 was published | Jan 29, 2026
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to...
High | Unreviewed | CVE-2020-37002 was published | Jan 29, 2026
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that...
High | Unreviewed | CVE-2020-37015 was published | Jan 29, 2026
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated...
Moderate | Unreviewed | CVE-2020-37018 was published | Jan 29, 2026
BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to...
High | Unreviewed | CVE-2020-37016 was published | Jan 29, 2026
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated...
Critical | Unreviewed | CVE-2020-37012 was published | Jan 29, 2026
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows...
High | Unreviewed | CVE-2020-37004 was published | Jan 29, 2026
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to...
High | Unreviewed | CVE-2020-37020 was published | Jan 29, 2026
An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9...
Unknown | Unreviewed | CVE-2025-71009 was published | Jan 29, 2026
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to...
High | Unreviewed | CVE-2020-37017 was published | Jan 29, 2026
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that...
High | Unreviewed | CVE-2020-37005 was published | Jan 29, 2026
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords...
High | Unreviewed | CVE-2020-37010 was published | Jan 29, 2026
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows...
High | Unreviewed | CVE-2020-37006 was published | Jan 29, 2026
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and...
High | Unreviewed | CVE-2020-37013 was published | Jan 29, 2026
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to...
High | Unreviewed | CVE-2020-37011 was published | Jan 29, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2025-7713 was published | Jan 29, 2026
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an...
Moderate | Unreviewed | CVE-2026-1589 was published | Jan 29, 2026
ProTip! Advisories are also available from the GraphQL API