GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,812
Maven: 5,000+
npm: 4,426
NuGet: 773
pip: 4,203
Pub: 12
RubyGems: 968
Rust: 1,086
Swift: 47
Unreviewed advisories
All unreviewed: 5,000+
116,855 advisories
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4)....
High | Unreviewed | CVE-2025-40942 was published Jan 13, 2026

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All...
High | Unreviewed | CVE-2025-40944 was published Jan 13, 2026

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious...
High | Unreviewed | CVE-2025-41717 was published Jan 13, 2026

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform,...
High | Unreviewed | CVE-2026-0506 was published Jan 13, 2026

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks...
High | Unreviewed | CVE-2026-0511 was published Jan 13, 2026

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver...
High | Unreviewed | CVE-2026-0507 was published Jan 13, 2026

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision...
High | Unreviewed | CVE-2025-66176 was published Jan 13, 2026

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision...
High | Unreviewed | CVE-2025-66177 was published Jan 13, 2026

SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid...
High | Unreviewed | CVE-2026-0492 was published Jan 13, 2026

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability...
High | Unreviewed | CVE-2025-15514 was published Jan 13, 2026

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service...
High | Unreviewed | CVE-2024-58340 was published Jan 13, 2026

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe...
High | Unreviewed | CVE-2024-14021 was published Jan 13, 2026

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled...
High | Unreviewed | CVE-2024-58339 was published Jan 13, 2026

Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read...
High | Unreviewed | CVE-2026-22200 was published Jan 12, 2026

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to...
High | Unreviewed | CVE-2023-36331 was published Jan 12, 2026

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
High | Unreviewed | CVE-2025-71063 was published Jan 12, 2026

An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain...
High | Unreviewed | CVE-2025-46067 was published Jan 12, 2026

An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the...
High | Unreviewed | CVE-2025-46068 was published Jan 12, 2026

Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
High | CVE-2026-22033 was published for label-studio (pip) Jan 12, 2026

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
High | CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026

IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user...
High | Unreviewed | CVE-2025-41077 was published Jan 12, 2026

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated...
High | Unreviewed | CVE-2025-41078 was published Jan 12, 2026

Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘...
High | Unreviewed | CVE-2025-41004 was published Jan 12, 2026

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘keyword’ parameter in ‘...
High | Unreviewed | CVE-2025-41005 was published Jan 12, 2026

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack...
High | Unreviewed | CVE-2025-14279 was published Jan 12, 2026
ProTip! Advisories are also available from the GraphQL API.