Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,962 advisories

Loading
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Moderate Unreviewed
CVE-2025-55052 was published Sep 9, 2025
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain... High Unreviewed
CVE-2025-29089 was published Sep 9, 2025
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Credited to orihjfrog and lukeed
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog dominikg
Credited to orihjfrog and dominikg
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an... High Unreviewed
CVE-2025-55243 was published Sep 9, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in... Moderate Unreviewed
CVE-2025-47997 was published Sep 9, 2025
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized... Moderate Unreviewed
CVE-2025-53804 was published Sep 9, 2025
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... Moderate Unreviewed
CVE-2025-20270 was published Sep 9, 2025
TYPO3 Workspaces Module Information Disclosure High
CVE-2025-59018 was published for typo3/cms-workspaces (Composer) Sep 9, 2025
TYPO3 CSV download feature information disclosure Moderate
CVE-2025-59019 was published for typo3/cms-backend (Composer) Sep 9, 2025
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The... Low Unreviewed
CVE-2025-40803 was published Sep 9, 2025
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC... Moderate Unreviewed
CVE-2025-40757 was published Sep 9, 2025
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other... Critical Unreviewed
CVE-2025-22956 was published Sep 8, 2025
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability... Moderate Unreviewed
CVE-2025-10093 was published Sep 8, 2025
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is... Moderate Unreviewed
CVE-2025-7368 was published Sep 6, 2025
Atlantis Exposes Service Version Publicly on /status API Endpoint Low
CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025
matthewmrichter
Credited to matthewmrichter
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data... Moderate Unreviewed
CVE-2025-26453 was published Sep 5, 2025
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized... Moderate Unreviewed
CVE-2025-55242 was published Sep 5, 2025
In multiple locations, there is a possible way to leak hidden work profile notifications due to a... Moderate Unreviewed
CVE-2025-48527 was published Sep 4, 2025
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
ntammineni5 34fathombelow
alexmt jannfis crenshaw-dev svghadi
Credited to ntammineni5, 34fathombelow, alexmt, jannfis, crenshaw-dev, and svghadi
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Information disclosure High Unreviewed
CVE-2025-36895 was published Sep 4, 2025
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore... High Unreviewed
CVE-2025-53694 was published Sep 3, 2025
A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an... Moderate Unreviewed
CVE-2025-9842 was published Sep 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database