Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,715 advisories

Loading
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this... Low Unreviewed
CVE-2025-58290 was published Oct 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this... Low Unreviewed
CVE-2025-58292 was published Oct 11, 2025
Permission control vulnerability in the camera module. Successful exploitation of this... Low Unreviewed
CVE-2025-58282 was published Oct 11, 2025
Sinatra is vulnerable to ReDoS through ETag header value generation Low
CVE-2025-61921 was published for sinatra (RubyGems) Oct 10, 2025
dentarg
Credited to dentarg
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  ... Low Unreviewed
CVE-2025-52625 was published Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue... Low Unreviewed
CVE-2025-52634 was published Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue... Low Unreviewed
CVE-2025-52630 was published Oct 10, 2025
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION... Low Unreviewed
CVE-2025-52635 was published Oct 10, 2025
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6... Low Unreviewed
CVE-2025-52655 was published Oct 10, 2025
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows... Low Unreviewed
CVE-2025-21046 was published Oct 10, 2025
Withdrawn Advisory: cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations Low
CVE-2025-11569 was published for cross-zip (npm) Oct 10, 2025 withdrawn
MarshallOfSound
Credited to MarshallOfSound
drupal-pattern-lab/unified-twig-extensions is vulnerable to XXS Low
CVE-2025-11570 was published for drupal-pattern-lab/unified-twig-extensions (Composer) Oct 10, 2025
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4... Low Unreviewed
CVE-2025-32916 was published Oct 9, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This... Low Unreviewed
CVE-2025-11489 was published Oct 8, 2025
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire... Low Unreviewed
CVE-2025-5009 was published Oct 8, 2025
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera
Credited to dellalibera
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43910 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43909 was published Oct 7, 2025
Generation of Predictable Numbers or Identifiers vulnerability in B&R Industrial Automation... Low Unreviewed
CVE-2025-3449 was published Oct 7, 2025
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct... Low Unreviewed
CVE-2025-59447 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to... Low Unreviewed
CVE-2025-61985 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain... Low Unreviewed
CVE-2025-61984 was published Oct 6, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database