Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,572 advisories

Loading
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote... High Unreviewed
CVE-2025-21042 was published Sep 12, 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote... High Unreviewed
CVE-2025-21043 was published Sep 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2... High Unreviewed
CVE-2025-2256 was published Sep 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18... High Unreviewed
CVE-2025-6454 was published Sep 12, 2025
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient... High Unreviewed
CVE-2025-8575 was published Sep 12, 2025
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to... High Unreviewed
CVE-2025-55319 was published Sep 12, 2025
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions... High Unreviewed
CVE-2025-10269 was published Sep 12, 2025
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s... High Unreviewed
CVE-2025-9807 was published Sep 12, 2025
Neo4j Cypher MCP server is vulnerable to DNS rebinding High
CVE-2025-10193 was published for mcp-neo4j-cypher (pip) Sep 11, 2025
eharris128
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for... High Unreviewed
CVE-2025-36222 was published Sep 11, 2025
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0... High Unreviewed
CVE-2025-8061 was published Sep 11, 2025
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below... High Unreviewed
CVE-2025-8557 was published Sep 11, 2025
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary... High Unreviewed
CVE-2025-9319 was published Sep 11, 2025
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key... High Unreviewed
CVE-2025-10127 was published Sep 11, 2025
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal... High Unreviewed
CVE-2025-9201 was published Sep 11, 2025
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to... High Unreviewed
CVE-2025-21034 was published Sep 11, 2025
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124,... High Unreviewed
CVE-2025-43790 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... High Unreviewed
CVE-2025-58145 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... High Unreviewed
CVE-2025-58144 was published Sep 11, 2025
Prebid.js NPM package briefly compromised High
CVE-2025-59038 was published for prebid.js (npm) Sep 11, 2025
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data... High Unreviewed
CVE-2025-9018 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. High Unreviewed
CVE-2025-58320 was published Sep 11, 2025
The User Meta – User Profile Builder and User management plugin plugin for WordPress is... High Unreviewed
CVE-2025-9693 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2025-9874 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database