Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2,... Moderate Unreviewed
CVE-2025-43348 was published Nov 4, 2025
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the... Critical Unreviewed
CVE-2025-64385 was published Oct 31, 2025
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web... Critical Unreviewed
CVE-2024-30110 was published Oct 30, 2025
uv allows ZIP payload obfuscation through parsing differentials Moderate
GHSA-pqhf-p39g-3x64 was published for uv (pip) Oct 29, 2025
calebbrown woodruffw
zanieb
Credited to calebbrown, woodruffw, and zanieb
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public... Critical Unreviewed
CVE-2025-61235 was published Oct 28, 2025
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function... Moderate Unreviewed
CVE-2025-12305 was published Oct 27, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload... Critical Unreviewed
CVE-2025-27224 was published Oct 27, 2025
Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19... Critical Unreviewed
CVE-2025-12275 was published Oct 26, 2025
Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... Moderate Unreviewed
CVE-2025-12278 was published Oct 26, 2025
Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects... Moderate Unreviewed
CVE-2025-12284 was published Oct 26, 2025
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12285 was published Oct 26, 2025
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-11497 was published Oct 25, 2025
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that... High Unreviewed
CVE-2025-60938 was published Oct 24, 2025
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server... Moderate Unreviewed
CVE-2025-11958 was published Oct 22, 2025
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU... Critical Unreviewed
CVE-2025-12001 was published Oct 21, 2025
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... High Unreviewed
CVE-2025-26781 was published Oct 20, 2025
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11938 was published Oct 19, 2025
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP... Critical Unreviewed
CVE-2025-8414 was published Oct 17, 2025
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0... Moderate Unreviewed
CVE-2025-60537 was published Oct 14, 2025
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform... High Unreviewed
CVE-2025-59248 was published Oct 14, 2025
JDBC Driver for SQL Server has improper input validation issue High
CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) Oct 14, 2025
Fidget-Grep andreasmh
Credited to Fidget-Grep and andreasmh
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-59228 was published Oct 14, 2025
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate... High Unreviewed
CVE-2025-59207 was published Oct 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database