Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,054 advisories

Loading
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project... Unknown Unreviewed
CVE-2025-63783 was published Nov 7, 2025
There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit... Unknown Unreviewed
CVE-2025-63686 was published Nov 7, 2025
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz... Critical Unreviewed
CVE-2025-63690 was published Nov 7, 2025
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the text editor feature of the... Unknown Unreviewed
CVE-2025-63785 was published Nov 7, 2025
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed
CVE-2025-63691 was published Nov 7, 2025
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web... Unknown Unreviewed
CVE-2025-63784 was published Nov 7, 2025
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit... Critical Unreviewed
CVE-2025-63689 was published Nov 7, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-7719 was published Nov 7, 2025
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by... Moderate Unreviewed
CVE-2025-12862 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect several product versions. If... Moderate Unreviewed
CVE-2025-47207 was published Nov 7, 2025
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit... Critical Unreviewed
CVE-2025-52425 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-52865 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53413 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53408 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53410 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Moderate Unreviewed
CVE-2025-53409 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53412 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Low Unreviewed
CVE-2025-53411 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote... Low Unreviewed
CVE-2025-54168 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect Notification Center. If a... High Unreviewed
CVE-2025-54167 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a... Low Unreviewed
CVE-2025-57706 was published Nov 7, 2025
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an... Moderate Unreviewed
CVE-2025-12861 was published Nov 7, 2025
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events High
CVE-2025-64496 was published for open-webui (npm) Nov 7, 2025
vitalysim
Credited to vitalysim
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file ... Moderate Unreviewed
CVE-2025-12860 was published Nov 7, 2025
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2025-34299 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database