Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,048 advisories

Loading
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle... High Unreviewed
CVE-2025-61084 was published Nov 5, 2025
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS... High Unreviewed
CVE-2025-43472 was published Nov 4, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... High Unreviewed
CVE-2025-43401 was published Nov 4, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that... High Unreviewed
CVE-2025-60938 was published Oct 24, 2025
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... High Unreviewed
CVE-2025-26781 was published Oct 20, 2025
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform... High Unreviewed
CVE-2025-59248 was published Oct 14, 2025
JDBC Driver for SQL Server has improper input validation issue High
CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) Oct 14, 2025
Fidget-Grep andreasmh
Credited to Fidget-Grep and andreasmh
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate... High Unreviewed
CVE-2025-59207 was published Oct 14, 2025
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-59228 was published Oct 14, 2025
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-59187 was published Oct 14, 2025
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate... High Unreviewed
CVE-2025-58716 was published Oct 14, 2025
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate... High Unreviewed
CVE-2025-55692 was published Oct 14, 2025
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers... High Unreviewed
CVE-2025-9066 was published Oct 14, 2025
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All... High Unreviewed
CVE-2011-20001 was published Oct 14, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter High
GHSA-26f6-wm47-7h7j was published for motioneye (pip) Oct 3, 2025 withdrawn
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the... High Unreviewed
CVE-2025-34226 was published Oct 3, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input... High Unreviewed
CVE-2025-52547 was published Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for... High Unreviewed
CVE-2025-52544 was published Oct 1, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Tanguy-Boisset pyguerder
Credited to Tanguy-Boisset and pyguerder
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if... High Unreviewed
CVE-2025-40836 was published Sep 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database