Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,485
Maven
5,000+
npm
4,104
NuGet
734
pip
3,918
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,380 advisories

Loading
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami... Low Unreviewed
CVE-2025-58866 was published Sep 5, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board... Low Unreviewed
CVE-2025-58827 was published Sep 5, 2025
Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows... Low Unreviewed
CVE-2025-58816 was published Sep 5, 2025
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade... Low Unreviewed
CVE-2024-21977 was published Sep 5, 2025
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a... Low Unreviewed
CVE-2025-26428 was published Sep 4, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM... Low Unreviewed
CVE-2025-2667 was published Sep 4, 2025
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps Low
GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025
woodruffw
Weblate has a long session expiry when verifying second factor Low
CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025
nijel
Mautic vulnerable to SSRF via webhook function Low
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
asesidaa patrykgruszka
kuzmany lukehebe
CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package Low
CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 3, 2025
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a... Low Unreviewed
CVE-2025-8662 was published Sep 3, 2025
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack... Low Unreviewed
CVE-2025-41000 was published Sep 3, 2025
Apache DolphinScheduler Incorrect Default Permissions Vulnerability Low
CVE-2024-43166 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 3, 2025
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... Low Unreviewed
CVE-2025-9325 was published Sep 2, 2025
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... Low Unreviewed
CVE-2025-9324 was published Sep 2, 2025
Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... Low Unreviewed
CVE-2025-9323 was published Sep 2, 2025
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This... Low Unreviewed
CVE-2025-9327 was published Sep 2, 2025
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-7974 was published Sep 2, 2025
Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read... Low Unreviewed
CVE-2025-8298 was published Sep 2, 2025
MobSF Path Traversal in GET /download/<filename> using absolute filenames Low
CVE-2025-58161 was published for mobsf (pip) Sep 2, 2025
noname1337h1
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an... Low Unreviewed
CVE-2025-9778 was published Sep 2, 2025
A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown... Low Unreviewed
CVE-2025-9731 was published Aug 31, 2025
Tracing logging user input may result in poisoning logs with ANSI escape sequences Low
CVE-2025-58160 was published for tracing-subscriber (Rust) Aug 29, 2025
zefr0x
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker... Low Unreviewed
CVE-2025-44015 was published Aug 29, 2025
A buffer overflow vulnerability has been reported to affect several QNAP operating system... Low Unreviewed
CVE-2025-30265 was published Aug 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database