Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

11,445 advisories

Loading
Improper input validation in the system management mode (SMM) could allow a privileged attacker... High Unreviewed
CVE-2024-21947 was published Sep 6, 2025
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow... High Unreviewed
CVE-2024-36342 was published Sep 6, 2025
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker... High Unreviewed
CVE-2024-36354 was published Sep 6, 2025
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group... Moderate Unreviewed
CVE-2025-10061 was published Sep 5, 2025
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file... High Unreviewed
CVE-2025-32323 was published Sep 4, 2025
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1... Moderate Unreviewed
CVE-2023-21472 was published Sep 5, 2025
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1... Moderate Unreviewed
CVE-2023-21473 was published Sep 5, 2025
Velocidex WinPmem versions below 4.1 suffer from an Improper Input Validation vulnerability... High Unreviewed
CVE-2024-10972 was published Dec 16, 2024
In multiple methods of NotificationChannel.java, there is a possible desynchronization from... High Unreviewed
CVE-2025-48556 was published Sep 4, 2025
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops... Moderate Unreviewed
CVE-2025-48559 was published Sep 4, 2025
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a... High Unreviewed
CVE-2025-32322 was published Sep 4, 2025
In multiple locations, there is a possible way to persistently DoS the device due to improper... High Unreviewed
CVE-2025-48537 was published Sep 4, 2025
In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user... High Unreviewed
CVE-2025-48541 was published Sep 4, 2025
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to... Moderate Unreviewed
CVE-2025-48538 was published Sep 4, 2025
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to... Moderate Unreviewed
CVE-2025-26429 was published Sep 4, 2025
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to... Moderate Unreviewed
CVE-2025-26426 was published Sep 4, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to... High Unreviewed
CVE-2024-56190 was published Sep 4, 2025
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input... Critical Unreviewed
CVE-2024-45169 was published Aug 22, 2024
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a... Low Unreviewed
CVE-2025-8662 was published Sep 3, 2025
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an... High Unreviewed
CVE-2024-3646 was published Apr 19, 2024
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database