GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 39
  GitHub Actions: 38
  Go: 2,636
  Maven: 5,000+
  npm: 4,262
  NuGet: 760
  pip: 4,057
  Pub: 12
  RubyGems: 956
  Rust: 1,054
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
301,390 advisories
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX...
Moderate | Unreviewed | CVE-2025-2534 was published Nov 7, 2025

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0...
Moderate | Unreviewed | CVE-2025-33012 was published Nov 7, 2025

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX...
Moderate | Unreviewed | CVE-2025-36131 was published Nov 7, 2025

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under...
High | Unreviewed | CVE-2025-36186 was published Nov 7, 2025

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes...
Moderate | Unreviewed | CVE-2025-36008 was published Nov 7, 2025

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0...
Moderate | Unreviewed | CVE-2025-36006 was published Nov 7, 2025

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and...
Moderate | Unreviewed | CVE-2025-36135 was published Nov 7, 2025

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could...
Moderate | Unreviewed | CVE-2025-36185 was published Nov 7, 2025

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes...
Moderate | Unreviewed | CVE-2025-36136 was published Nov 7, 2025

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the ...
Unknown | Unreviewed | CVE-2025-63638 was published Nov 7, 2025

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the...
Unknown | Unreviewed | CVE-2025-63543 was published Nov 7, 2025

The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet...
Unknown | Unreviewed | CVE-2025-63717 was published Nov 7, 2025

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter.
Unknown | Unreviewed | CVE-2025-63544 was published Nov 7, 2025

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable...
Unknown | Unreviewed | CVE-2025-63639 was published Nov 7, 2025

Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the ...
Unknown | Unreviewed | CVE-2025-63640 was published Nov 7, 2025

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0...
Moderate | Unreviewed | CVE-2024-47118 was published Nov 7, 2025

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with...
Moderate | Unreviewed | CVE-2025-12902 was published Nov 7, 2025

A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This...
High | Unreviewed | CVE-2025-12863 was published Nov 7, 2025

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with...
Moderate | Unreviewed | CVE-2025-12896 was published Nov 7, 2025

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
High | GHSA-wf5f-4jwr-ppcp was published for pdfminer.six (pip) Nov 7, 2025

KubeVirt Vulnerable to Arbitrary Host File Read and Write
High | CVE-2025-64324 was published for github.com/kubevirt/kubevirt (Go) Nov 7, 2025

A security flaw has been discovered in Campcodes School File Management 1.0. This affects an...
Moderate | Unreviewed | CVE-2025-12873 was published Nov 7, 2025

AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
Moderate | CVE-2025-57697 was published for AstrBot (pip) Nov 7, 2025

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System)...
Unknown | Unreviewed | CVE-2025-63718 was published Nov 7, 2025

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF)...
Unknown | Unreviewed | CVE-2025-63716 was published Nov 7, 2025

ProTip! Advisories are also available from the GraphQL API.