Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
In System UI, there is a possible way to view other users' images due to a confused deputy. This... High Unreviewed
CVE-2025-32320 was published Sep 5, 2025
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could... Moderate Unreviewed
CVE-2025-32317 was published Sep 5, 2025
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots... High Unreviewed
CVE-2025-26452 was published Sep 5, 2025
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the... High Unreviewed
CVE-2025-48532 was published Sep 4, 2025
In multiple locations, there is a possible leak of an image across the Android User isolation... Moderate Unreviewed
CVE-2025-48551 was published Sep 4, 2025
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access... Moderate Unreviewed
CVE-2025-48545 was published Sep 4, 2025
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a... Moderate Unreviewed
CVE-2025-48560 was published Sep 4, 2025
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data... Moderate Unreviewed
CVE-2025-48529 was published Sep 4, 2025
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible... High Unreviewed
CVE-2025-22441 was published Sep 4, 2025
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent... High Unreviewed
CVE-2025-32321 was published Sep 4, 2025
In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch... High Unreviewed
CVE-2025-32324 was published Sep 4, 2025
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent... High Unreviewed
CVE-2025-32326 was published Sep 4, 2025
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact... High Unreviewed
CVE-2025-32346 was published Sep 4, 2025
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to... High Unreviewed
CVE-2025-26454 was published Sep 4, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
code-server's session cookie can be extracted by having user visit specially crafted proxy URL High
CVE-2025-47269 was published for code-server (npm) May 9, 2025
Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series... Moderate Unreviewed
CVE-2025-25061 was published Apr 4, 2025
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11... Moderate Unreviewed
CVE-2024-9870 was published Feb 12, 2025
Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
gronke mhils
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated... High Unreviewed
CVE-2024-30128 was published Sep 25, 2024
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a... High Unreviewed
CVE-2024-31319 was published Jul 9, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull Moderate
CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users... Moderate Unreviewed
CVE-2024-0387 was published Feb 26, 2024
In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending... High Unreviewed
CVE-2023-40111 was published Feb 16, 2024
In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to... Moderate Unreviewed
CVE-2023-21082 was published Apr 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database