Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,752
Maven
5,000+
npm
4,357
NuGet
765
pip
4,121
Pub
12
RubyGems
961
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,769 advisories

Loading
Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows... Critical Unreviewed
CVE-2025-3500 was published Dec 1, 2025
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the... Critical Unreviewed
CVE-2025-63531 was published Dec 1, 2025
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to... Critical Unreviewed
CVE-2025-63525 was published Dec 1, 2025
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to... Critical Unreviewed
CVE-2025-12106 was published Dec 1, 2025
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by... Critical Unreviewed
CVE-2025-35028 was published Dec 1, 2025
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-13615 was published Nov 30, 2025
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to... Critical Unreviewed
CVE-2025-66385 was published Nov 28, 2025
Permission control vulnerability in the memory management module. Impact: Successful exploitation... Critical Unreviewed
CVE-2025-64314 was published Nov 28, 2025
Mattermost fails to to verify the token used during code exchange Critical
CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication Critical
CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool... Critical Unreviewed
CVE-2025-8890 was published Nov 27, 2025
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the... Critical Unreviewed
CVE-2025-12140 was published Nov 27, 2025
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-13539 was published Nov 27, 2025
The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions... Critical Unreviewed
CVE-2025-13540 was published Nov 27, 2025
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and... Critical Unreviewed
CVE-2025-13675 was published Nov 27, 2025
The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up... Critical Unreviewed
CVE-2025-13538 was published Nov 27, 2025
Ray's New Token Authentication is Disabled By Default Critical
CVE-2025-34351 was published for ray (pip) Nov 27, 2025
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed
CVE-2024-5539 was published Nov 27, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are... Critical Unreviewed
CVE-2025-40934 was published Nov 27, 2025
An unauthenticated administrative access vulnerability exists in the open-source HashTech project... Critical Unreviewed
CVE-2025-65276 was published Nov 26, 2025
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from... Critical Unreviewed
CVE-2025-65669 was published Nov 26, 2025
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack Critical
CVE-2025-62593 was published for ray (pip) Nov 26, 2025
JLLeitschuh avilum
Credited to JLLeitschuh and avilum
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed
CVE-2025-55469 was published Nov 26, 2025
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via... Critical Unreviewed
CVE-2025-50399 was published Nov 26, 2025
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via... Critical Unreviewed
CVE-2025-50402 was published Nov 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database