Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,575 advisories

Loading
Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R)... Moderate Unreviewed
CVE-2025-27537 was published Aug 12, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet... High Unreviewed
CVE-2025-24484 was published Aug 12, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet... Critical Unreviewed
CVE-2025-24325 was published Aug 12, 2025
Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may... Moderate Unreviewed
CVE-2025-24296 was published Aug 12, 2025
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet... Moderate Unreviewed
CVE-2025-21086 was published Aug 12, 2025
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2).... Critical Unreviewed
CVE-2025-40746 was published Aug 12, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Low Unreviewed
CVE-2025-25212 was published Aug 11, 2025
Apache CXF: Untrusted JMS configuration can lead to RCE Moderate
CVE-2025-48913 was published for org.apache.cxf:cxf-rt-transports-jms (Maven) Aug 8, 2025
A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This... Low Unreviewed
CVE-2025-8708 was published Aug 8, 2025
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Credited to charliermarsh, zanieb, woodruffw, thatch, and calebbrown
Ollama allows deletion of arbitrary files Moderate
CVE-2025-44779 was published for github.com/ollama/ollama (Go) Aug 7, 2025
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66... Moderate Unreviewed
CVE-2025-8582 was published Aug 7, 2025
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the... Moderate Unreviewed
CVE-2025-50233 was published Aug 6, 2025
Transient DOS while processing CCCH data when NW sends data with invalid length. High Unreviewed
CVE-2025-21477 was published Aug 6, 2025
Issue of buffer overflow caused by insufficient data verification in the kernel acceleration... Moderate Unreviewed
CVE-2025-54641 was published Aug 6, 2025
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module.... Moderate Unreviewed
CVE-2025-54642 was published Aug 6, 2025
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection... Moderate Unreviewed
CVE-2025-54636 was published Aug 6, 2025
Input verification vulnerability in the home screen module. Impact: Successful exploitation of... Moderate Unreviewed
CVE-2025-54614 was published Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker... High Unreviewed
CVE-2025-7674 was published Aug 5, 2025
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an... Critical Unreviewed
CVE-2025-2611 was published Aug 5, 2025
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a... High Unreviewed
CVE-2025-27211 was published Aug 5, 2025
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a... Critical Unreviewed
CVE-2025-27212 was published Aug 5, 2025
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string Moderate
CVE-2024-52279 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Aug 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database