GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,969
Erlang: 39
GitHub Actions: 38
Go: 2,620
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,043
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,559 advisories
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of...
Moderate • Unreviewed • CVE-2025-10769 was published Sep 22, 2025

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function...
Moderate • Unreviewed • CVE-2025-10768 was published Sep 22, 2025

Codex has sandbox bypass due to bug in path configuration logic
High • CVE-2025-59532 was published for @openai/codex (npm) Sep 19, 2025

Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension...
Moderate • Unreviewed • CVE-2025-58114 was published Sep 19, 2025

An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to...
High • Unreviewed • CVE-2025-57528 was published Sep 19, 2025

Grafana-Zabbix ReDoS vulnerability
Moderate • CVE-2025-10630 was published for github.com/alexanderzobnin/grafana-zabbix (Go) Sep 19, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker...
Moderate • Unreviewed • CVE-2025-23336 was published Sep 18, 2025

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may...
High • Unreviewed • CVE-2025-23268 was published Sep 18, 2025

Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Critical • GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 • withdrawn

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
Moderate • CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS...
Critical • Unreviewed • CVE-2025-43347 was published Sep 16, 2025

The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS...
High • Unreviewed • CVE-2025-43372 was published Sep 16, 2025

The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an...
Moderate • Unreviewed • CVE-2025-43375 was published Sep 16, 2025

A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26...
Critical • Unreviewed • CVE-2025-43342 was published Sep 16, 2025

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS...
Moderate • Unreviewed • CVE-2025-43299 was published Sep 16, 2025

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7...
Moderate • Unreviewed • CVE-2025-43293 was published Sep 16, 2025

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some...
Moderate • Unreviewed • CVE-2025-10433 was published Sep 15, 2025

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw...
Moderate • Unreviewed • CVE-2024-45431 was published Sep 12, 2025

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of...
Low • Unreviewed • CVE-2025-10252 was published Sep 11, 2025

Picklescan Bypass is Possible via File Extension Mismatch
Critical • CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical • CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025

An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via...
High • Unreviewed • CVE-2025-56404 was published Sep 10, 2025

SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
Moderate • CVE-2025-10164 was published for sglang (pip) Sep 9, 2025

TinyEnv: Inline comments not stripped properly in .env values
Moderate • CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025

Element Plus Link component (el-link) implements insufficient input validation for the href attribute
Moderate • CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API