Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,016 advisories

Loading
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference... High Unreviewed
CVE-2025-57612 was published Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in... High Unreviewed
CVE-2025-57774 was published Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in an... High Unreviewed
CVE-2025-57776 was published Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when... High Unreviewed
CVE-2025-57777 was published Sep 2, 2025
There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing... High Unreviewed
CVE-2025-57775 was published Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in an... High Unreviewed
CVE-2025-57778 was published Sep 2, 2025
Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with... Moderate Unreviewed
CVE-2025-55373 was published Sep 2, 2025
SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API... Moderate Unreviewed
CVE-2025-55472 was published Sep 2, 2025
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown... Moderate Unreviewed
CVE-2025-55474 was published Sep 2, 2025
Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable... Moderate Unreviewed
CVE-2025-55473 was published Sep 2, 2025
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort... Moderate Unreviewed
CVE-2025-55476 was published Sep 2, 2025
Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a... Moderate Unreviewed
CVE-2024-51423 was published Sep 2, 2025
Soft Serve vulnerable to arbitrary file writing through SSH API High
CVE-2025-58355 was published for github.com/charmbracelet/soft-serve (Go) Sep 2, 2025
msanft caarlos0
Credited to msanft and caarlos0
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool High
CVE-2025-58358 was published for mcp-markdownify-server (npm) Sep 2, 2025
0xRoyR
Credited to 0xRoyR
ArrayQueue's push_front is not panic-safe Moderate
GHSA-xqjr-wfx3-gmxv was published for array-queue (Rust) Sep 2, 2025
Command Injection via sonarqube-scan-action GitHub Action High
CVE-2025-58178 was published for SonarSource/sonarqube-scan-action (GitHub Actions) Sep 2, 2025
Torbjorn-Svensson
Credited to Torbjorn-Svensson
arenavec has multiple memory corruption vulnerabilities in safe APIs High
GHSA-3632-54q8-m96x was published for arenavec (Rust) Sep 2, 2025
MobSF Path Traversal in GET /download/<filename> using absolute filenames Low
CVE-2025-58161 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Credited to noname1337h1
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction Moderate
CVE-2025-58162 was published for mobsf (pip) Sep 2, 2025
noname1337h1
Credited to noname1337h1
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd dktapps
Credited to Zwuiix-cmd and dktapps
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header High
CVE-2025-57808 was published for esphome (pip) Sep 2, 2025
bcat
Credited to bcat
Local Deep Research's API keys are stored in plain text Moderate
CVE-2025-57806 was published for local-deep-research (pip) Sep 2, 2025
i-d-lytvynenko
Credited to i-d-lytvynenko
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-12974 was published Sep 2, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows... Moderate Unreviewed
CVE-2025-0670 was published Sep 2, 2025
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
fawind
Credited to fawind
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database