GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,856
Erlang: 36
GitHub Actions: 36
Go: 2,486
Maven: 5,000+
npm: 4,104
NuGet: 735
pip: 3,918
Pub: 12
RubyGems: 945
Rust: 1,017
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
111,283 advisories
Coder vulnerable to privilege escalation could lead to a cross workspace compromise
High | CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) Sep 5, 2025

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against...
High | Unreviewed | CVE-2025-9709 was published Sep 5, 2025

In System UI, there is a possible way to view other users' images due to a confused deputy. This...
High | Unreviewed | CVE-2025-32320 was published Sep 5, 2025

In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead...
High | Unreviewed | CVE-2025-32318 was published Sep 5, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows...
High | Unreviewed | CVE-2025-48104 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-57889 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-58206 was published Sep 5, 2025

Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows...
High | Unreviewed | CVE-2025-48317 was published Sep 5, 2025

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High | Unreviewed | CVE-2025-58214 was published Sep 5, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High | Unreviewed | CVE-2025-53307 was published Sep 5, 2025

Some payload elements of the messages sent between two stations in a networking architecture are...
High | Unreviewed | CVE-2025-9999 was published Sep 5, 2025

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air...
High | Unreviewed | CVE-2025-30199 was published Sep 5, 2025

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app...
High | Unreviewed | CVE-2025-26450 was published Sep 5, 2025

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots...
High | Unreviewed | CVE-2025-26452 was published Sep 5, 2025

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap...
High | Unreviewed | CVE-2025-26455 was published Sep 5, 2025

In multiple functions of CameraService.cpp, there is a possible way to use the camera from the...
High | Unreviewed | CVE-2025-26440 was published Sep 5, 2025

In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle...
High | Unreviewed | CVE-2025-32312 was published Sep 5, 2025

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This...
High | Unreviewed | CVE-2025-9636 was published Sep 5, 2025

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with...
High | Unreviewed | CVE-2025-23256 was published Sep 5, 2025

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an...
High | Unreviewed | CVE-2025-23257 was published Sep 5, 2025

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that...
High | Unreviewed | CVE-2025-23258 was published Sep 5, 2025

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release...
High | Unreviewed | CVE-2023-21476 was published Sep 5, 2025

Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release...
High | Unreviewed | CVE-2023-21475 was published Sep 5, 2025

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request.
High | Unreviewed | CVE-2025-58780 was published Sep 5, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2025-58881 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API.