Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,201 advisories

Loading
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12... Moderate Unreviewed
CVE-2025-59596 was published Nov 5, 2025
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280,... Moderate Unreviewed
CVE-2025-54327 was published Nov 4, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1,... Moderate Unreviewed
CVE-2025-43458 was published Nov 4, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and... Moderate Unreviewed
CVE-2025-43427 was published Nov 4, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1,... Moderate Unreviewed
CVE-2025-43430 was published Nov 4, 2025
A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2,... Moderate Unreviewed
CVE-2025-43348 was published Nov 4, 2025
uv allows ZIP payload obfuscation through parsing differentials Moderate
GHSA-pqhf-p39g-3x64 was published for uv (pip) Oct 29, 2025
calebbrown woodruffw
zanieb
Credited to calebbrown, woodruffw, and zanieb
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function... Moderate Unreviewed
CVE-2025-12305 was published Oct 27, 2025
Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... Moderate Unreviewed
CVE-2025-12278 was published Oct 26, 2025
Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects... Moderate Unreviewed
CVE-2025-12284 was published Oct 26, 2025
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in... Moderate Unreviewed
CVE-2025-11497 was published Oct 25, 2025
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server... Moderate Unreviewed
CVE-2025-11958 was published Oct 22, 2025
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-11938 was published Oct 19, 2025
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0... Moderate Unreviewed
CVE-2025-60537 was published Oct 14, 2025
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to... Moderate Unreviewed
CVE-2025-59198 was published Oct 14, 2025
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker... Moderate Unreviewed
CVE-2025-59190 was published Oct 14, 2025
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose... Moderate Unreviewed
CVE-2025-55679 was published Oct 14, 2025
Astro's `X-Forwarded-Host` is reflected without validation Moderate
CVE-2025-61925 was published for astro (npm) Oct 10, 2025
Chisnet
Credited to Chisnet
Information disclosure may occur while processing the hypervisor log. Moderate Unreviewed
CVE-2025-27040 was published Oct 9, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
ota42y Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
GHSA-mm7p-fcc7-pg87 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function... Moderate Unreviewed
CVE-2025-11346 was published Oct 6, 2025
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-11345 was published Oct 6, 2025
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function... Moderate Unreviewed
CVE-2025-11273 was published Oct 5, 2025
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing Moderate
CVE-2025-11226 was published for ch.qos.logback:logback-core (Maven) Oct 1, 2025
chrismcmacken
Credited to chrismcmacken
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database