GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,577 advisories
Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this...
Moderate, Unreviewed
CVE-2024-54109 was published Dec 12, 2024
Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this...
Moderate, Unreviewed
CVE-2024-54108 was published Dec 12, 2024
Vulnerability of processes not being fully terminated in the VPN module
Impact: Successful...
Moderate, Unreviewed
CVE-2024-51513 was published Nov 5, 2024
Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this...
High, Unreviewed
CVE-2024-54107 was published Dec 12, 2024
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may...
High, Unreviewed
CVE-2025-23268 was published Sep 18, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker...
Moderate, Unreviewed
CVE-2025-23336 was published Sep 18, 2025
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Critical
GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 • withdrawn
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules,...
High, Unreviewed
CVE-2025-8007 was published Sep 9, 2025
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products.
High, Unreviewed
CVE-2024-6333 was published Oct 17, 2024
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that...
Critical, Unreviewed
CVE-2025-1087 was published May 9, 2025
Windows Wi-Fi Driver Remote Code Execution Vulnerability
High, Unreviewed
CVE-2024-30078 was published Jun 11, 2024
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical....
Moderate, Unreviewed
CVE-2025-7099 was published Jul 7, 2025
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some...
Moderate, Unreviewed
CVE-2025-10433 was published Sep 15, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation
Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page...
Critical, Unreviewed
CVE-2023-3710 was published Sep 12, 2023
Improper Input Validation in Hibernate Validator
Moderate
CVE-2020-10693 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 4, 2021
Element Plus Link component (el-link) implements insufficient input validation for the href attribute
Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw...
Moderate, Unreviewed
CVE-2024-45431 was published Sep 12, 2025
Next.js Content Injection Vulnerability for Image Optimization
Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of...
Low, Unreviewed
CVE-2025-10252 was published Sep 11, 2025
TinyEnv: Inline comments not stripped properly in .env values
Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate
CVE-2024-6284 was published for github.com/google/nftables (Go) Jul 4, 2024
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via...
High, Unreviewed
CVE-2025-56404 was published Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API.