GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,245 advisories
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected...
Low • Unreviewed • CVE-2024-13978 was published • Aug 2, 2025

Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users
Low • CVE-2025-6011 was published for github.com/hashicorp/vault (Go) • Aug 1, 2025

MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
Low • CVE-2025-53011 was published for MaterialX (pip) • Jul 31, 2025

MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
Low • CVE-2025-53010 was published for MaterialX (pip) • Jul 31, 2025

MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Low • CVE-2025-50460 was published for ms-swift (pip) • Jul 31, 2025

Microweber Has Stored XSS Vulnerability in User Profile Fields
Low • CVE-2025-51503 was published for microweber/microweber (Composer) • Jul 31, 2025

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and...
Low • Unreviewed • CVE-2023-44976 was published • Aug 1, 2025

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the...
Low • Unreviewed • CVE-2025-51384 was published • Jul 31, 2025

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the...
Low • Unreviewed • CVE-2025-51385 was published • Jul 31, 2025

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the...
Low • Unreviewed • CVE-2025-51383 was published • Jul 31, 2025

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server...
Low • Unreviewed • CVE-2023-32251 was published • Jul 31, 2025

Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Low • Unreviewed • CVE-2025-37108 was published • Jul 31, 2025

Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
Low • Unreviewed • CVE-2025-37109 was published • Jul 31, 2025

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password...
Low • Unreviewed • CVE-2025-36609 was published • Jul 30, 2025

on-headers is vulnerable to http response header manipulation
Low • CVE-2025-7339 was published for on-headers (npm) • Jul 17, 2025

Moby firewalld reload removes bridge network isolation
Low • CVE-2025-54410 was published for github.com/docker/docker (Go) • Jul 29, 2025

Koa Open Redirect via Referrer Header (User-Controlled)
Low • CVE-2025-8129 was published for koa (npm) • Jul 29, 2025

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928...
Low • Unreviewed • CVE-2024-13870 was published • Mar 12, 2025

A vulnerability was found in libssh, where an uninitialized variable exists under certain...
Low • Unreviewed • CVE-2025-4878 was published • Jul 22, 2025

Netavark Has Possible DNS Resolve Confusion
Low • CVE-2025-8283 was published for netavark (Rust) • Jul 28, 2025

Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)
Low • GHSA-mvw6-62qv-vmqf was published for koa (npm) • Jul 25, 2025 • withdrawn

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore...
Low • Unreviewed • CVE-2024-12533 was published • May 13, 2025

JHipster allows privilege escalation via a modified authorities parameter
Low • CVE-2025-43712 was published for generator-jhipster (npm) • Jul 25, 2025

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Low • Unreviewed • CVE-2025-54529 was published • Jul 28, 2025

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser
Low • GHSA-xffm-g5w8-qvg7 was published for @eslint/plugin-kit (npm) • Jul 18, 2025

ProTip! Advisories are also available from the GraphQL API