Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

114,055 advisories

Loading
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization... High Unreviewed
CVE-2025-12844 was published Nov 13, 2025
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is... High Unreviewed
CVE-2025-11923 was published Nov 13, 2025
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is... High Unreviewed
CVE-2025-12733 was published Nov 13, 2025
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive... High Unreviewed
CVE-2023-7326 was published Nov 13, 2025
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference... High Unreviewed
CVE-2017-20211 was published Nov 13, 2025
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file... High Unreviewed
CVE-2022-4982 was published Nov 13, 2025
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability.... High Unreviewed
CVE-2023-7327 was published Nov 13, 2025
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a... High Unreviewed
CVE-2023-7329 was published Nov 13, 2025
JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model)... High Unreviewed
CVE-2016-15055 was published Nov 13, 2025
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated... High Unreviewed
CVE-2021-4463 was published Nov 13, 2025
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) High
CVE-2025-64509 was published for bugsink (pip) Nov 13, 2025
Cycloctane
Credited to Cycloctane
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input High
CVE-2025-64508 was published for bugsink (pip) Nov 13, 2025
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass High
CVE-2025-64500 was published for symfony/http-foundation (Composer) Nov 12, 2025
cs278 nicolas-grekas
Credited to cs278 and nicolas-grekas
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves High
CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) Nov 12, 2025
JoranHonig
Credited to JoranHonig
OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation High
CVE-2025-64484 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Nov 12, 2025
47Cid
Credited to 47Cid
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local... High Unreviewed
CVE-2025-8485 was published Nov 12, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization... High Unreviewed
CVE-2025-46428 was published Nov 12, 2025
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser... High Unreviewed
CVE-2025-10495 was published Nov 12, 2025
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an... High Unreviewed
CVE-2025-12048 was published Nov 12, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of... High Unreviewed
CVE-2025-46427 was published Nov 12, 2025
OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed High
CVE-2025-64099 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Nov 12, 2025
Jean-Eudes
Credited to Jean-Eudes
Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is... High Unreviewed
CVE-2025-65002 was published Nov 12, 2025
Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system... High Unreviewed
CVE-2025-65001 was published Nov 12, 2025
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ... High Unreviewed
CVE-2025-2843 was published Nov 12, 2025
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds... High Unreviewed
CVE-2025-11795 was published Nov 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database