GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,876
Erlang: 37
GitHub Actions: 36
Go: 2,521
Maven: 5,000+
npm: 4,167
NuGet: 741
pip: 3,963
Pub: 12
RubyGems: 946
Rust: 1,028
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

138,323 advisories

lobe-chat has an Open Redirect
Moderate | CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025

Llama Stack could potentially allow for remote code execution
Moderate | CVE-2025-55178 was published for llama-stack (pip) Sep 24, 2025

Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
Moderate | GHSA-xh92-rqrq-227v was published for @mastra/mcp-docs-server (npm) Sep 24, 2025

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point ...
Moderate | Unreviewed | CVE-2025-20364 was published Sep 24, 2025

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level...
Moderate | Unreviewed | CVE-2025-20314 was published Sep 24, 2025

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker...
Moderate | Unreviewed | CVE-2025-20338 was published Sep 24, 2025

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point...
Moderate | Unreviewed | CVE-2025-20365 was published Sep 24, 2025

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series...
Moderate | Unreviewed | CVE-2025-20293 was published Sep 24, 2025

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote...
Moderate | Unreviewed | CVE-2025-20240 was published Sep 24, 2025

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker...
Moderate | Unreviewed | CVE-2025-20313 was published Sep 24, 2025

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco...
Moderate | Unreviewed | CVE-2025-20316 was published Sep 24, 2025

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge...
Moderate | Unreviewed | CVE-2025-20339 was published Sep 24, 2025

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an...
Moderate | Unreviewed | CVE-2025-20149 was published Sep 24, 2025

CSVTOJSON has a prototype pollution vulnerability
Moderate | CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025

information disclosure while invoking calibration data from user space to update firmware size.
Moderate | Unreviewed | CVE-2025-27030 was published Sep 24, 2025

Information disclosure when Video engine escape input data is less than expected minimum size.
Moderate | Unreviewed | CVE-2025-27036 was published Sep 24, 2025

Information disclosure while running video usecase having rogue firmware.
Moderate | Unreviewed | CVE-2025-27033 was published Sep 24, 2025

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content...
Moderate | Unreviewed | CVE-2025-10360 was published Sep 24, 2025

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing...
Moderate | Unreviewed | CVE-2025-9569 was published Sep 24, 2025

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing...
Moderate | Unreviewed | CVE-2025-9567 was published Sep 24, 2025

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing...
Moderate | Unreviewed | CVE-2025-9568 was published Sep 24, 2025

pip's fallback tar extraction doesn't check symbolic links point to extraction directory
Moderate | CVE-2025-8869 was published for pip (pip) Sep 24, 2025

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds...
Moderate | Unreviewed | CVE-2025-23274 was published Sep 24, 2025

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read...
Moderate | Unreviewed | CVE-2025-23272 was published Sep 24, 2025

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several...
Moderate | Unreviewed | CVE-2025-9353 was published Sep 24, 2025

ProTip! Advisories are also available from the GraphQL API