GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,722
Maven: 5,000+
npm: 4,329
NuGet: 762
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
12,826 advisories
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export...
Low | Unreviewed | CVE-2025-60912 was published Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66331 was published Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66334 was published Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66333 was published Dec 8, 2025

Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of...
Low | Unreviewed | CVE-2025-66332 was published Dec 8, 2025

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android....
Low | Unreviewed | CVE-2025-14111 was published Dec 6, 2025

Envoy forwards early CONNECT data in TCP proxy mode
Low | CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025

An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din...
Low | Unreviewed | CVE-2025-63896 was published Dec 4, 2025

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an...
Low | Unreviewed | CVE-2025-12997 was published Dec 4, 2025

open-webui is Vulnerable to Incorrect Access Control
Low | CVE-2025-63681 was published for open-webui (pip) Dec 4, 2025

Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Low | CVE-2025-66479 was published for @anthropic-ai/sandbox-runtime (npm) Dec 4, 2025

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the...
Low | Unreviewed | CVE-2025-14007 was published Dec 4, 2025

alexusmai laravel-file-manager is vulnerable to Directory Traversal
Low | CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Low | Unreviewed | CVE-2025-20382 was published Dec 3, 2025

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Low | Unreviewed | CVE-2025-20385 was published Dec 3, 2025

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Low | Unreviewed | CVE-2025-20388 was published Dec 3, 2025

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local...
Low | Unreviewed | CVE-2025-13751 was published Dec 3, 2025

Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
Low | CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a...
Low | Unreviewed | CVE-2025-12954 was published Dec 3, 2025

Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local...
Low | Unreviewed | CVE-2025-13640 was published Dec 2, 2025

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is...
Low | Unreviewed | CVE-2025-9799 was published Dec 2, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a...
Low | Unreviewed | CVE-2025-59696 was published Dec 2, 2025

Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
Low | CVE-2025-65858 was published for calibreweb (pip) Dec 2, 2025

Mattermost fails to validate user permissions in Boards
Low | CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7...
Low | Unreviewed | CVE-2025-13871 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API