Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,863 advisories

Loading
Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution... Low Unreviewed
CVE-2025-63292 was published Nov 17, 2025
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy... Low Unreviewed
CVE-2025-65083 was published Nov 17, 2025
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10... Low Unreviewed
CVE-2025-60022 was published Nov 17, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4... Low Unreviewed
CVE-2025-6945 was published Nov 15, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18... Low Unreviewed
CVE-2025-7736 was published Nov 15, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and... Low Unreviewed
CVE-2025-11990 was published Nov 15, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18... Low Unreviewed
CVE-2025-12983 was published Nov 15, 2025
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users Low
CVE-2025-64711 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard rugk
Ribas160
Credited to esnard, rugk, and Ribas160
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows... Low Unreviewed
CVE-2025-4617 was published Nov 14, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Low Unreviewed
CVE-2025-54342 was published Nov 14, 2025
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma®... Low Unreviewed
CVE-2025-4616 was published Nov 14, 2025
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1... Low Unreviewed
CVE-2025-54559 was published Nov 14, 2025
Mattermost allows regular users to access archived channel content and files Low
CVE-2025-41436 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
SpiceDB WriteRelationships fails silently if payload is too big Low
CVE-2025-64529 was published for github.com/authzed/spicedb (Go) Nov 13, 2025
Astro development server error page is vulnerable to reflected Cross-site Scripting Low
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
pHo9UBenaA delucis
florian-lefebvre
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control... Low Unreviewed
CVE-2025-46370 was published Nov 13, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve... Low Unreviewed
CVE-2025-12817 was published Nov 13, 2025
Wasmtime provides unsound API access to a WebAssembly shared linear memory Low
CVE-2025-64345 was published for wasmtime (Rust) Nov 12, 2025
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch... Low Unreviewed
CVE-2025-63396 was published Nov 12, 2025
sudo-rs: Partial password reveal is possible after timeout Low
CVE-2025-64170 was published for sudo-rs (Rust) Nov 12, 2025
DevLaTron bjorn3
MggMuggins squell
Credited to DevLaTron, bjorn3, MggMuggins, and squell
changedetection.io: Stored XSS in Watch update via API Low
CVE-2025-62780 was published for changedetection.io (pip) Nov 12, 2025
edoardottt
Credited to edoardottt
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20378 was published Nov 12, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20379 was published Nov 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database