GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
305,613 advisories
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Moderate. CVE-2021-23566 was published for nanoid (npm), Jan 21, 2022

Prototype Pollution in jquery-bbq
High. CVE-2021-20086 was published for jquery-bbq (npm), May 24, 2021

Denial of Service by injecting highly recursive collections or maps in XStream
High. CVE-2021-43859 was published for com.thoughtworks.xstream:xstream (Maven), Feb 1, 2022

py vulnerable to Regular Expression Denial of Service
High. CVE-2020-29651 was published for py (pip), Apr 20, 2021

Arbitrary Code Execution in underscore
Critical. CVE-2021-23358 was published for underscore (npm), May 6, 2021

ansi_up cross-site scripting vulnerability
Moderate. CVE-2021-3377 was published for ansi_up (npm), Mar 11, 2021

Eventlet affected by HTTP request smuggling in unparsed trailers
Moderate. CVE-2025-58068 was published for eventlet (pip), Aug 29, 2025

imagemagick: integer overflows in MNG magnification
High. CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet), Aug 25, 2025

TCPDF missing character escape on error messages
Moderate. CVE-2024-56527 was published for tecnickcom/tcpdf (Composer), Dec 27, 2024

tecnickcom/tc-lib-pdf-font mishandles fonts
Moderate. CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer), Dec 27, 2024

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH
Low. GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven), Nov 4, 2025

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in...
High, Unreviewed. CVE-2025-43505 was published Nov 4, 2025

A use after free issue was addressed with improved memory management. This issue is fixed in...
Moderate, Unreviewed. CVE-2025-43478 was published Nov 4, 2025

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and...
High, Unreviewed. CVE-2025-43502 was published Nov 4, 2025

A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1....
Moderate, Unreviewed. CVE-2025-43504 was published Nov 4, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in...
Moderate, Unreviewed. CVE-2025-43457 was published Nov 4, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS...
Moderate, Unreviewed. CVE-2025-43446 was published Nov 4, 2025

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS...
High, Unreviewed. CVE-2025-43472 was published Nov 4, 2025

An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate, Unreviewed. CVE-2025-43459 was published Nov 4, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed...
Low, Unreviewed. CVE-2025-43408 was published Nov 4, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma...
Moderate, Unreviewed. CVE-2025-43411 was published Nov 4, 2025

A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma...
Moderate, Unreviewed. CVE-2025-43420 was published Nov 4, 2025

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS...
High, Unreviewed. CVE-2025-43474 was published Nov 4, 2025

A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS...
High, Unreviewed. CVE-2025-43401 was published Nov 4, 2025

An access issue was addressed with additional sandbox restrictions. This issue is fixed in...
High, Unreviewed. CVE-2025-43413 was published Nov 4, 2025

ProTip! Advisories are also available from the GraphQL API