Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,577 advisories

Loading
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to... Moderate Unreviewed
CVE-2025-59198 was published Oct 14, 2025
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker... Moderate Unreviewed
CVE-2025-59190 was published Oct 14, 2025
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-59187 was published Oct 14, 2025
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate... High Unreviewed
CVE-2025-58716 was published Oct 14, 2025
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose... Moderate Unreviewed
CVE-2025-55679 was published Oct 14, 2025
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate... High Unreviewed
CVE-2025-55692 was published Oct 14, 2025
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers... High Unreviewed
CVE-2025-9066 was published Oct 14, 2025
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All... High Unreviewed
CVE-2011-20001 was published Oct 14, 2025
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to... Low Unreviewed
CVE-2025-31995 was published Oct 13, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet
Credited to Chisnet
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Information disclosure may occur while processing the hypervisor log. Moderate Unreviewed
CVE-2025-27040 was published Oct 9, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
ota42y Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-11345 was published Oct 6, 2025
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function... Moderate Unreviewed
CVE-2025-11346 was published Oct 6, 2025
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function... Moderate Unreviewed
CVE-2025-11273 was published Oct 5, 2025
Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter High
GHSA-26f6-wm47-7h7j was published for motioneye (pip) Oct 3, 2025 withdrawn
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the... High Unreviewed
CVE-2025-34226 was published Oct 3, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for... High Unreviewed
CVE-2025-52544 was published Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input... High Unreviewed
CVE-2025-52547 was published Oct 1, 2025
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing Moderate
CVE-2025-11226 was published for ch.qos.logback:logback-core (Maven) Oct 1, 2025
chrismcmacken
Credited to chrismcmacken
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database