Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,688 advisories

Loading
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0... Low Unreviewed
CVE-2025-48985 was published Nov 7, 2025
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses Low
GHSA-w2jf-268q-mrvh was published for github.com/opentofu/opentofu (Go) Nov 6, 2025
Open redirect endpoint in Datasette Low
CVE-2025-64481 was published for datasette (pip) Nov 6, 2025
jamesjefferies
Credited to jamesjefferies
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
jermanuts nijel
Credited to jermanuts and nijel
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to... Low Unreviewed
CVE-2025-21077 was published Nov 5, 2025
Kgateway transformation policy template can emit files from the container Low
GHSA-5pmx-7r6r-wfqq was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2025-43408 was published Nov 4, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and... Low Unreviewed
CVE-2025-43423 was published Nov 4, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in... Low Unreviewed
CVE-2025-43365 was published Nov 4, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... Low Unreviewed
CVE-2025-43395 was published Nov 4, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An... Low Unreviewed
CVE-2025-43309 was published Nov 4, 2025
Shaman has soundness issues and is unmaintained Low
GHSA-7vjm-6qgq-3mrq was published for shaman (Rust) Nov 3, 2025
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass... Low Unreviewed
CVE-2025-8558 was published Nov 3, 2025
A vulnerability was identified in fushengqian fuint up to... Low Unreviewed
CVE-2025-12623 was published Nov 3, 2025
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is... Low Unreviewed
CVE-2025-12615 was published Nov 3, 2025
/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Low Unreviewed
CVE-2025-12603 was published Nov 1, 2025
/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1... Low Unreviewed
CVE-2025-12602 was published Nov 1, 2025
If the value passed to os.path.expandvars() is user-controlled a performance degradation is... Low Unreviewed
CVE-2025-6075 was published Oct 31, 2025
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on... Low Unreviewed
CVE-2025-36249 was published Oct 31, 2025
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential... Low Unreviewed
CVE-2025-64352 was published Oct 31, 2025
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows... Low Unreviewed
CVE-2025-64350 was published Oct 31, 2025
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to... Low Unreviewed
CVE-2025-23050 was published Oct 31, 2025
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor... Low Unreviewed
CVE-2025-8850 was published Oct 30, 2025
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19... Low Unreviewed
CVE-2025-12517 was published Oct 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database