GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,758
Maven: 5,000+
npm: 4,364
NuGet: 766
pip: 4,132
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
12,897 advisories
Multiple memory corruption issues were addressed with improved input validation. This issue is...
Low | Unreviewed | CVE-2025-43533 was published Dec 17, 2025

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2,...
Low | Unreviewed | CVE-2025-43531 was published Dec 17, 2025

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low | CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows...
Low | Unreviewed | CVE-2025-65185 was published Dec 17, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Low | Unreviewed | CVE-2025-43522 was published Dec 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3,...
Low | Unreviewed | CVE-2025-43518 was published Dec 12, 2025

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15...
Low | Unreviewed | CVE-2025-43410 was published Dec 12, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is...
Low | Unreviewed | CVE-2025-43517 was published Dec 12, 2025

A session management issue was addressed with improved checks. This issue is fixed in macOS...
Low | Unreviewed | CVE-2025-43516 was published Dec 12, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma...
Low | Unreviewed | CVE-2025-43395 was published Nov 4, 2025

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web...
Low | Unreviewed | CVE-2025-55254 was published Dec 17, 2025

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost...
Low | Unreviewed | CVE-2025-13326 was published Dec 17, 2025

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost...
Low | Unreviewed | CVE-2025-13321 was published Dec 17, 2025

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in...
Low | Unreviewed | CVE-2025-43532 was published Dec 12, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and...
Low | Unreviewed | CVE-2025-43423 was published Nov 4, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed...
Low | Unreviewed | CVE-2025-43408 was published Nov 4, 2025

It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool...
Low | Unreviewed | CVE-2025-5467 was published Dec 10, 2025

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf...
Low | Unreviewed | CVE-2025-14266 was published Dec 17, 2025

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which...
Low | Unreviewed | CVE-2025-62690 was published Dec 17, 2025

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc...
Low | Unreviewed | CVE-2025-54004 was published Dec 16, 2025

Weblate has improper validation upon invitation acceptance
Low | CVE-2025-64725 was published for Weblate (pip) Dec 15, 2025

PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Low | CVE-2025-68142 was published for pymdown-extensions (pip) Dec 16, 2025

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low | Unreviewed | CVE-2025-68164 was published Dec 16, 2025

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project...
Low | Unreviewed | CVE-2025-68162 was published Dec 16, 2025

In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Low | Unreviewed | CVE-2025-68163 was published Dec 16, 2025

ProTip! Advisories are also available from the GraphQL API.