GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,762
Maven: 5,000+
npm: 4,371
NuGet: 767
pip: 4,141
Pub: 12
RubyGems: 962
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
116,033 advisories
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An...
High | Unreviewed | CVE-2025-14300 was published Dec 20, 2025

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can...
High | Unreviewed | CVE-2025-14299 was published Dec 20, 2025

A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An...
High | Unreviewed | CVE-2025-8065 was published Dec 20, 2025

External Control of File Name or Path in Langflow
High | CVE-2025-68478 was published for langflow (pip) Dec 19, 2025

Langflow vulnerable to Server-Side Request Forgery
High | CVE-2025-68477 was published for langflow (pip) Dec 19, 2025

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local...
High | Unreviewed | CVE-2023-53947 was published Dec 19, 2025

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative...
High | Unreviewed | CVE-2023-53956 was published Dec 19, 2025

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft...
High | Unreviewed | CVE-2023-53946 was published Dec 19, 2025

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to...
High | Unreviewed | CVE-2023-53954 was published Dec 19, 2025

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in...
High | Unreviewed | CVE-2023-53945 was published Dec 19, 2025

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated...
High | Unreviewed | CVE-2023-53952 was published Dec 19, 2025

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute...
High | Unreviewed | CVE-2023-53959 was published Dec 19, 2025

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate...
High | Unreviewed | CVE-2023-53949 was published Dec 19, 2025

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user...
High | Unreviewed | CVE-2023-53957 was published Dec 19, 2025

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows...
High | Unreviewed | CVE-2023-53958 was published Dec 19, 2025

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar...
High | Unreviewed | CVE-2025-14812 was published Dec 19, 2025

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows...
High | Unreviewed | CVE-2025-67442 was published Dec 19, 2025

ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address...
High | Unreviewed | CVE-2025-14809 was published Dec 19, 2025

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths...
High | Unreviewed | CVE-2025-66905 was published Dec 19, 2025

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial...
High | Unreviewed | CVE-2025-66909 was published Dec 19, 2025

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service ...
High | Unreviewed | CVE-2025-50681 was published Dec 19, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online...
High | Unreviewed | CVE-2025-1927 was published Dec 19, 2025

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
High | CVE-2025-66524 was published for org.apache.nifi:nifi-asana-processors (Maven) Dec 19, 2025

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized...
High | Unreviewed | CVE-2025-14847 was published Dec 19, 2025

A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025...
High | Unreviewed | CVE-2025-66495 was published Dec 19, 2025

ProTip! Advisories are also available from the GraphQL API