GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,651
Erlang: 34
GitHub Actions: 26
Go: 2,253
Maven: 5,000+
npm: 3,906
NuGet: 703
pip: 3,677
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
22,119 advisories
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow...
Critical | Unreviewed | CVE-2025-45429 was published Apr 23, 2025
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform...
Critical | Unreviewed | CVE-2025-45428 was published Apr 23, 2025
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform...
Critical | Unreviewed | CVE-2025-45427 was published Apr 23, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on...
Critical | Unreviewed | CVE-2025-42605 was published Apr 23, 2025
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an...
Critical | Unreviewed | CVE-2025-37087 was published Apr 22, 2025
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection...
Critical | Unreviewed | CVE-2025-43949 was published Apr 22, 2025
TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with...
Critical | Unreviewed | CVE-2025-43946 was published Apr 22, 2025
LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve...
Critical | Unreviewed | CVE-2025-43951 was published Apr 22, 2025
A path traversal vulnerability in Commvault Command Center Innovation Release allows an...
Critical | Unreviewed | CVE-2025-34028 was published Apr 22, 2025
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28039 was published Apr 22, 2025
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28038 was published Apr 22, 2025
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28036 was published Apr 22, 2025
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php...
Critical | Unreviewed | CVE-2023-43958 was published Apr 22, 2025
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass...
Critical | Unreviewed | CVE-2023-44752 was published Apr 22, 2025
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the...
Critical | Unreviewed | CVE-2023-44755 was published Apr 22, 2025
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution...
Critical | Unreviewed | CVE-2025-28035 was published Apr 22, 2025
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in...
Critical | Unreviewed | CVE-2025-28024 was published Apr 22, 2025
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a...
Critical | Unreviewed | CVE-2025-28037 was published Apr 22, 2025
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local...
Critical | Unreviewed | CVE-2025-1950 was published Apr 22, 2025
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a...
Critical | Unreviewed | CVE-2024-40446 was published Apr 22, 2025
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu...
Critical | Unreviewed | CVE-2025-28034 was published Apr 22, 2025
The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.
Critical | Unreviewed | CVE-2024-58250 was published Apr 22, 2025
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function...
Critical | Unreviewed | CVE-2025-29659 was published Apr 21, 2025
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a...
Critical | Unreviewed | CVE-2025-29660 was published Apr 21, 2025
Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows...
Critical | Unreviewed | CVE-2025-28232 was published Apr 21, 2025
ProTip! Advisories are also available from the GraphQL API.