Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet
Credited to Chisnet
Denial of service in jackson-dataformat-toml High
CVE-2023-3894 was published for com.fasterxml.jackson.dataformat:jackson-dataformat-toml (Maven) Aug 8, 2023
Mochis ryanmurf
Credited to Mochis and ryanmurf
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the... High Unreviewed
CVE-2024-23482 was published Mar 26, 2024
Information disclosure may occur while processing the hypervisor log. Moderate Unreviewed
CVE-2025-27040 was published Oct 9, 2025
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of... Moderate Unreviewed
CVE-2025-10769 was published Sep 22, 2025
A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function... Moderate Unreviewed
CVE-2025-10770 was published Sep 22, 2025
A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function... Moderate Unreviewed
CVE-2025-10768 was published Sep 22, 2025
A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown... Moderate Unreviewed
CVE-2025-10771 was published Sep 22, 2025
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects... High Unreviewed
CVE-2025-52905 was published Sep 23, 2025
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60... Moderate Unreviewed
CVE-2025-27253 was published Mar 10, 2025
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
Enterprise Protection contains an improper input validation vulnerability in attachment defense... Moderate Unreviewed
CVE-2024-10635 was published Apr 28, 2025
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function... Moderate Unreviewed
CVE-2025-11346 was published Oct 6, 2025
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to... High Unreviewed
CVE-2014-2360 was published May 17, 2022
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function... Moderate Unreviewed
CVE-2025-11273 was published Oct 5, 2025
The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2... High Unreviewed
CVE-2014-2357 was published May 17, 2022
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the... High Unreviewed
CVE-2025-34226 was published Oct 3, 2025
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0... Moderate Unreviewed
CVE-2025-5326 was published May 29, 2025
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version... Critical Unreviewed
CVE-2025-34111 was published Jul 15, 2025
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon... Moderate Unreviewed
CVE-2014-2346 was published May 17, 2022
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial... Moderate Unreviewed
CVE-2014-2342 was published May 17, 2022
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to... Low Unreviewed
CVE-2014-2343 was published May 17, 2022
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon... High Unreviewed
CVE-2014-2345 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database