Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,097 advisories

Loading
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file... High Unreviewed
CVE-2025-32323 was published Sep 4, 2025
In multiple locations, there is a possible way to view icons belonging to another user due to a... Low Unreviewed
CVE-2025-0076 was published Sep 4, 2025
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in... High Unreviewed
CVE-2025-0089 was published Sep 4, 2025
In multiple locations, there is a possible memory corruption due to a use after free. This could... High Unreviewed
CVE-2025-32332 was published Sep 4, 2025
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer... High Unreviewed
CVE-2025-32325 was published Sep 4, 2025
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a... High Unreviewed
CVE-2025-32345 was published Sep 4, 2025
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due... High Unreviewed
CVE-2025-32333 was published Sep 4, 2025
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function... Moderate Unreviewed
CVE-2025-9752 was published Sep 4, 2025
A vulnerability was detected in Campcodes Online Hospital Management System 1.0. The affected... Moderate Unreviewed
CVE-2025-9753 was published Sep 4, 2025
A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is... Moderate Unreviewed
CVE-2025-9754 was published Sep 4, 2025
A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown... Moderate Unreviewed
CVE-2025-9746 was published Sep 4, 2025
A vulnerability was identified in HKritesh009 Grocery List Management Web App up to... Moderate Unreviewed
CVE-2025-9749 was published Sep 4, 2025
podman kube play symlink traversal vulnerability High
CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) Sep 4, 2025
Luap99
Credited to Luap99
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
ntammineni5 34fathombelow
alexmt jannfis crenshaw-dev svghadi
Credited to ntammineni5, 34fathombelow, alexmt, jannfis, crenshaw-dev, and svghadi
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Credited to ghostdevv, monizb, alexanderniebuhr, ascorbic, ematipico, and delucis
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution Critical
GHSA-58p5-r2f6-g2cj was published for usd-core (pip) Sep 4, 2025
bshyuunn
Credited to bshyuunn
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions Low
CVE-2025-58056 was published for io.netty:netty-codec-http (Maven) Sep 4, 2025
JeppW JLLeitschuh
yawkat
Credited to JeppW, JLLeitschuh, and yawkat
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin... High Unreviewed
CVE-2025-57263 was published Sep 4, 2025
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7... Moderate Unreviewed
CVE-2025-25048 was published Sep 4, 2025
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing... Moderate Unreviewed
CVE-2025-6785 was published Sep 4, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM... Moderate Unreviewed
CVE-2025-2694 was published Sep 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database