Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,778
Maven
5,000+
npm
4,379
NuGet
770
pip
4,150
Pub
12
RubyGems
963
Rust
1,071
Swift
45
Unreviewed advisories
All unreviewed
5,000+

348 advisories

Loading
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows... Critical Unreviewed
CVE-2023-53966 was published Dec 23, 2025
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1... Low Unreviewed
CVE-2025-52666 was published Nov 20, 2025
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1... High Unreviewed
CVE-2025-48826 was published Oct 7, 2025
A use of externally-controlled format string vulnerability has been reported to affect several... Moderate Unreviewed
CVE-2025-53407 was published Oct 3, 2025
A use of externally-controlled format string vulnerability has been reported to affect several... Moderate Unreviewed
CVE-2025-52429 was published Oct 3, 2025
A use of externally-controlled format string vulnerability has been reported to affect several... Moderate Unreviewed
CVE-2025-53406 was published Oct 3, 2025
A use of externally-controlled format string vulnerability has been reported to affect several... Moderate Unreviewed
CVE-2025-48730 was published Oct 3, 2025
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute... High Unreviewed
CVE-2025-36202 was published Sep 22, 2025
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune hanbunny
jin-156 amethyst0225 pigeontwo9999
Credited to leehohojune, hanbunny, jin-156, amethyst0225, and pigeontwo9999
Solar FTP Server fails to properly handle format strings passed to the USER command. When a... High Unreviewed
CVE-2011-10029 was published Aug 20, 2025
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of... Critical Unreviewed
CVE-2012-10055 was published Aug 13, 2025
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows... Critical Unreviewed
CVE-2025-40600 was published Jul 30, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139... High Unreviewed
CVE-2025-46123 was published Jul 21, 2025
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139... High Unreviewed
CVE-2025-46121 was published Jul 21, 2025
A use of externally-controlled format string vulnerability has been reported to affect Qsync... Low Unreviewed
CVE-2025-22482 was published Jun 6, 2025
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0... High Unreviewed
CVE-2024-45324 was published Mar 11, 2025
An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for... Moderate Unreviewed
CVE-2024-55156 was published Feb 21, 2025
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version... Moderate Unreviewed
CVE-2023-40721 was published Feb 11, 2025
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
Credited to SteakEnthusiast
A post-authentication format string vulnerability in SonicOS management allows a remote attacker... Critical Unreviewed
CVE-2024-12805 was published Jan 9, 2025
A use of externally-controlled format string vulnerability has been reported to affect several... Low Unreviewed
CVE-2024-50402 was published Dec 6, 2024
A use of externally-controlled format string vulnerability has been reported to affect several... Low Unreviewed
CVE-2024-50403 was published Dec 6, 2024
The HttpRequest object allows to get the HTTP headers from the server's response after sending... Critical Unreviewed
CVE-2024-42330 was published Nov 27, 2024
A use of externally-controlled format string vulnerability has been reported to affect several... High Unreviewed
CVE-2024-50396 was published Nov 22, 2024
A use of externally-controlled format string vulnerability has been reported to affect several... Low Unreviewed
CVE-2024-50401 was published Nov 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database