Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial... High Unreviewed
CVE-2021-25255 was published May 21, 2025
Gardener allows bypassing project secret validation which can lead to privilege escalation Critical
CVE-2025-47283 was published for github.com/gardener/gardener (Go) May 19, 2025
petersutter rfranzke
donistz timuthy JordanJordanov
Credited to petersutter, rfranzke, donistz, timuthy, and JordanJordanov
Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation Critical
CVE-2025-47282 was published for github.com/gardener/external-dns-management (Go) May 19, 2025
petersutter donistz
MartinWeindel JordanJordanov
Credited to petersutter, donistz, MartinWeindel, and JordanJordanov
A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic.... Moderate Unreviewed
CVE-2025-4905 was published May 19, 2025
Spring Framework DataBinder Case Sensitive Match Exception Low
CVE-2025-22233 was published for org.springframework:spring-context (Maven) May 16, 2025
ryanmurf
Credited to ryanmurf
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer... High Unreviewed
CVE-2025-4600 was published May 16, 2025
A Path traversal vulnerability in the file download functionality was identified. This... High Unreviewed
CVE-2025-2305 was published May 16, 2025
Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large... High Unreviewed
CVE-2024-53827 was published May 16, 2025
A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to... Moderate Unreviewed
CVE-2025-4742 was published May 16, 2025
A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic.... Moderate Unreviewed
CVE-2025-4740 was published May 16, 2025
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before... High Unreviewed
CVE-2024-52880 was published May 15, 2025
A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up... Moderate Unreviewed
CVE-2025-4701 was published May 15, 2025
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna... Low Unreviewed
CVE-2025-4762 was published May 15, 2025
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation Moderate
CVE-2025-47888 was published for io.jenkins.plugins:dingding-notifications (Maven) May 14, 2025
Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and... High Unreviewed
CVE-2025-24308 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input... Critical Unreviewed
CVE-2025-43560 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input... Critical Unreviewed
CVE-2025-43559 was published May 13, 2025
Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and... High Unreviewed
CVE-2025-21094 was published May 13, 2025
Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server... Moderate Unreviewed
CVE-2025-20009 was published May 13, 2025
Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel... Moderate Unreviewed
CVE-2025-20034 was published May 13, 2025
Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to... Moderate Unreviewed
CVE-2025-20031 was published May 13, 2025
Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before... High Unreviewed
CVE-2025-20032 was published May 13, 2025
Improper input validation in Windows Common Log File System Driver allows an authorized attacker... High Unreviewed
CVE-2025-32706 was published May 13, 2025
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized... Moderate Unreviewed
CVE-2025-29968 was published May 13, 2025
Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service... Moderate Unreviewed
CVE-2025-29955 was published May 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database