Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,862 advisories

Loading
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of... Low Unreviewed
CVE-2025-66382 was published Nov 28, 2025
Mustangproject allows exfiltrating files via XXE attacks Low
CVE-2025-66372 was published for org.mustangproject:library (Maven) Nov 28, 2025
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server:... Low Unreviewed
CVE-2025-13758 was published Nov 27, 2025
Emails sent by pretix can utilize placeholders that will be filled with customer data. For... Low Unreviewed
CVE-2025-13742 was published Nov 27, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions Low
GHSA-wmjr-v86c-m9jj was published for better-auth (npm) Nov 26, 2025
mufeedvh
Credited to mufeedvh
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control Low
CVE-2025-65681 was published for tutor (pip) Nov 26, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18... Low Unreviewed
CVE-2025-13611 was published Nov 26, 2025
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in... Low Unreviewed
CVE-2025-2486 was published Nov 26, 2025
In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets... Low Unreviewed
CVE-2025-20373 was published Nov 26, 2025
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the... Low Unreviewed
CVE-2025-55174 was published Nov 26, 2025
Contao is vulnerable to cross-site scripting in templates Low
CVE-2025-65961 was published for contao/core-bundle (Composer) Nov 25, 2025
ausi m-vo
Credited to ausi and m-vo
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM Low
CVE-2025-65942 was published for github.com/VictoriaMetrics/VictoriaMetrics (Go) Nov 25, 2025
hoang-prod
Credited to hoang-prod
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a... Low Unreviewed
CVE-2025-33200 was published Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause... Low Unreviewed
CVE-2025-33199 was published Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a... Low Unreviewed
CVE-2025-33198 was published Nov 25, 2025
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0... Low Unreviewed
CVE-2025-36134 was published Nov 25, 2025
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a... Low Unreviewed
CVE-2025-62497 was published Nov 25, 2025
A user with access to the cluster with a limited set of privilege actions may be able to... Low Unreviewed
CVE-2025-13643 was published Nov 25, 2025
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a... Low Unreviewed
CVE-2025-12893 was published Nov 25, 2025
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack Low
GHSA-j4gv-6x9v-v23g was published for omero-web (pip) Nov 24, 2025
A sensitive information disclosure vulnerability exists in the error handling component of... Low Unreviewed
CVE-2025-13596 was published Nov 24, 2025
The Secure Flag passed to Versal™ Adaptive SoC’s Arm® Trusted Firmware for Cortex®-A processors ... Low Unreviewed
CVE-2025-54515 was published Nov 23, 2025
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in... Low Unreviewed
CVE-2025-11934 was published Nov 22, 2025
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit... Low Unreviewed
CVE-2025-11931 was published Nov 22, 2025
The server previously verified the TLS 1.3 PSK binder using a non-constant time method which... Low Unreviewed
CVE-2025-11932 was published Nov 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database