Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,721 advisories

Loading
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43909 was published Oct 7, 2025
Generation of Predictable Numbers or Identifiers vulnerability in B&R Industrial Automation... Low Unreviewed
CVE-2025-3449 was published Oct 7, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to... Low Unreviewed
CVE-2025-61985 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain... Low Unreviewed
CVE-2025-61984 was published Oct 6, 2025
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct... Low Unreviewed
CVE-2025-59447 was published Oct 6, 2025
A user with the appropriate authorization can create any number of user accounts via an API ... Low Unreviewed
CVE-2025-58578 was published Oct 6, 2025
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace... Low Unreviewed
CVE-2025-58589 was published Oct 6, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
MCPHub's ServerController is vulnerable to Command Injection Low
CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025
A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function... Low Unreviewed
CVE-2025-11281 was published Oct 5, 2025
HCL MyXalytics  6.6.  product is affected by Use of Vulnerable/Outdated Versions Vulnerability Low Unreviewed
CVE-2025-52658 was published Oct 3, 2025
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
Claude Code permission deny bypass through symlink Low
CVE-2025-59829 was published for @anthropic-ai/claude-code (npm) Oct 3, 2025
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup... Low Unreviewed
CVE-2025-10306 was published Oct 3, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables Low
CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
gothburz
Credited to gothburz
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
Django vulnerable to partial directory traversal via archives Low
CVE-2025-59682 was published for django (pip) Oct 1, 2025
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-7jp2-5h22-m432 was published for auth0/symfony (Composer) Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import Low
GHSA-w22c-pw5m-482x was published for auth0/wordpress (Composer) Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-hjfh-5jmm-xr24 was published for auth0/login (Composer) Oct 1, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
Fiora chat user avatar is vulnerable to XSS via SVG files Low
CVE-2025-56514 was published for fiora (npm) Oct 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database