Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

300,986 advisories

Loading
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives Moderate
CVE-2025-58058 was published for github.com/ulikunitz/xz (Go) Aug 28, 2025
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token Low
GHSA-3rw9-wmc8-8948 was published for github.com/coder/coder/v2 (Go) Aug 28, 2025
spikecurtis
Credited to spikecurtis
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0... Moderate Unreviewed
CVE-2025-9575 was published Aug 28, 2025
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via... Moderate Unreviewed
CVE-2025-57217 was published Aug 28, 2025
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61,... Moderate Unreviewed
CVE-2025-58335 was published Aug 28, 2025
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via... Moderate Unreviewed
CVE-2025-57218 was published Aug 28, 2025
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability.  The issue may allow... Moderate Unreviewed
CVE-2025-31971 was published Aug 28, 2025
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with... Moderate Unreviewed
CVE-2025-9195 was published Aug 28, 2025
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown... Low Unreviewed
CVE-2025-9576 was published Aug 28, 2025
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms... Moderate Unreviewed
CVE-2025-31977 was published Aug 28, 2025
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an... High Unreviewed
CVE-2024-13986 was published Aug 28, 2025
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate... High Unreviewed
CVE-2025-58334 was published Aug 28, 2025
Incorrect authorization in Kibana can lead to privilege escalation via the built-in... Moderate Unreviewed
CVE-2025-25010 was published Aug 28, 2025
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is... Low Unreviewed
CVE-2025-51643 was published Aug 28, 2025
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the... Moderate Unreviewed
CVE-2025-31979 was published Aug 28, 2025
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and... Moderate Unreviewed
CVE-2025-29364 was published Aug 28, 2025
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal... Moderate Unreviewed
CVE-2025-31972 was published Aug 28, 2025
Contrast leaks workload secrets to logs on INFO level High
GHSA-vxg3-w9rv-rhr2 was published for github.com/edgelesssys/contrast (Go) Aug 28, 2025
katexochen
Credited to katexochen
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in... Moderate Unreviewed
CVE-2025-58123 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in... Moderate Unreviewed
CVE-2025-58125 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM... Moderate Unreviewed
CVE-2025-58126 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM... Moderate Unreviewed
CVE-2025-58124 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in... Moderate Unreviewed
CVE-2025-58127 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database