Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
Credited to AlexRomberg
Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc... High Unreviewed
CVE-2025-52451 was published Aug 22, 2025
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system... High Unreviewed
CVE-2025-50674 was published Aug 22, 2025
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified... Critical Unreviewed
CVE-2025-34158 was published Aug 21, 2025
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
Credited to ChALkeR
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
Credited to ChALkeR and ljharb
Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending... High Unreviewed
CVE-2011-10020 was published Aug 20, 2025
IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse... Moderate Unreviewed
CVE-2025-36114 was published Aug 20, 2025
A security issue exists due to improper handling of malformed CIP Forward Close packets during... Critical Unreviewed
CVE-2025-7693 was published Aug 18, 2025
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when... High Unreviewed
CVE-2025-6625 was published Aug 18, 2025
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability.... Moderate Unreviewed
CVE-2025-52620 was published Aug 16, 2025
A vulnerability has been found in the  MSoft MFlash application that allows execution of... Critical Unreviewed
CVE-2025-9060 was published Aug 15, 2025
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all... Moderate Unreviewed
CVE-2025-7507 was published Aug 15, 2025
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... High Unreviewed
CVE-2025-20148 was published Aug 14, 2025
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This... Critical Unreviewed
CVE-2025-8876 was published Aug 14, 2025
A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment... High Unreviewed
CVE-2025-7971 was published Aug 14, 2025
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is... Moderate Unreviewed
CVE-2025-8963 was published Aug 14, 2025
Loading arbitrary external URLs through WebView components introduces malicious JS code that can... High Unreviewed
CVE-2025-27388 was published Aug 14, 2025
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local... High Unreviewed
CVE-2025-4410 was published Aug 13, 2025
UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and... High Unreviewed
CVE-2025-4276 was published Aug 13, 2025
Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute... High Unreviewed
CVE-2025-4277 was published Aug 13, 2025
Magento vulnerable to denial of service High
CVE-2025-49554 was published for magento/community-edition (Composer) Aug 12, 2025
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform... Moderate Unreviewed
CVE-2025-25005 was published Aug 12, 2025
Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R)... Moderate Unreviewed
CVE-2025-27537 was published Aug 12, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet... High Unreviewed
CVE-2025-24486 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database