Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,629 advisories

Loading
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12906 was published Nov 8, 2025
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12909 was published Nov 8, 2025
Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local... Moderate Unreviewed
CVE-2025-12910 was published Nov 8, 2025
Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140... Moderate Unreviewed
CVE-2025-12908 was published Nov 8, 2025
Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a... Critical Unreviewed
CVE-2020-36870 was published Nov 8, 2025
Potential Denial of Service issue in all supported versions of Revenera InstallShield version... Moderate Unreviewed
CVE-2025-12418 was published Nov 8, 2025
A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue... High Unreviewed
CVE-2025-60574 was published Nov 8, 2025
A stored cross-site scripting (XSS) vulnerability in the CrushFTP 11.3.7_50 Admin Panel (Reports ... Unknown Unreviewed
CVE-2025-63420 was published Nov 8, 2025
Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values High
GHSA-vfpf-xmwh-8m65 was published for prosemirror_to_html (RubyGems) Nov 7, 2025 withdrawn
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc High
GHSA-f83h-ghpp-7wcc was published for pdfminer.six (pip) Nov 7, 2025
sumanrox
Credited to sumanrox
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory... Moderate Unreviewed
CVE-2025-7700 was published Nov 7, 2025
A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows... Moderate Unreviewed
CVE-2025-61261 was published Nov 7, 2025
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration... Critical Unreviewed
CVE-2025-10230 was published Nov 7, 2025
A weakness has been identified in mruby 3.4.0. This vulnerability affects the function... Moderate Unreviewed
CVE-2025-12875 was published Nov 7, 2025
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX... Moderate Unreviewed
CVE-2025-2534 was published Nov 7, 2025
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0... Moderate Unreviewed
CVE-2025-33012 was published Nov 7, 2025
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX... Moderate Unreviewed
CVE-2025-36131 was published Nov 7, 2025
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under... High Unreviewed
CVE-2025-36186 was published Nov 7, 2025
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes... Moderate Unreviewed
CVE-2025-36008 was published Nov 7, 2025
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0... Moderate Unreviewed
CVE-2025-36006 was published Nov 7, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and... Moderate Unreviewed
CVE-2025-36135 was published Nov 7, 2025
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could... Moderate Unreviewed
CVE-2025-36185 was published Nov 7, 2025
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes... Moderate Unreviewed
CVE-2025-36136 was published Nov 7, 2025
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0... Moderate Unreviewed
CVE-2024-47118 was published Nov 7, 2025
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with... Moderate Unreviewed
CVE-2025-12902 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database