Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,729 advisories

Loading
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local... Low Unreviewed
CVE-2025-23273 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a... Low Unreviewed
CVE-2025-23248 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a... Low Unreviewed
CVE-2025-23255 was published Sep 24, 2025
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication... Low Unreviewed
CVE-2025-0672 was published Sep 23, 2025
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows... Low Unreviewed
CVE-2025-58012 was published Sep 22, 2025
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting... Low Unreviewed
CVE-2025-58009 was published Sep 22, 2025
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown... Low Unreviewed
CVE-2025-10778 was published Sep 22, 2025
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the... Low Unreviewed
CVE-2025-10767 was published Sep 22, 2025
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21470 was published Sep 19, 2025
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21469 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the... Low Unreviewed
CVE-2025-59692 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside... Low Unreviewed
CVE-2025-59691 was published Sep 19, 2025
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming... Low Unreviewed
CVE-2025-30187 was published Sep 18, 2025
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Credited to apyatko
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An... Low Unreviewed
CVE-2025-35433 was published Sep 17, 2025
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An... Low Unreviewed
CVE-2025-35434 was published Sep 17, 2025
REXML has DoS condition when parsing malformed XML file Low
CVE-2025-58767 was published for rexml (RubyGems) Sep 17, 2025
sofiaaberegg
Credited to sofiaaberegg
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as... Low Unreviewed
CVE-2025-30075 was published Sep 16, 2025
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse'... Low Unreviewed
CVE-2025-59270 was published Sep 16, 2025
There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration... Low Unreviewed
CVE-2025-26710 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database