Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,540 advisories

Loading
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to... High Unreviewed
CVE-2025-50892 was published Sep 10, 2025
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint.... High Unreviewed
CVE-2025-55976 was published Sep 10, 2025
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation... High Unreviewed
CVE-2025-57392 was published Sep 10, 2025
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a... High Unreviewed
CVE-2025-10200 was published Sep 10, 2025
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0... High Unreviewed
CVE-2025-10201 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow... High Unreviewed
CVE-2025-57615 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid... High Unreviewed
CVE-2025-57614 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference... High Unreviewed
CVE-2025-57613 was published Sep 10, 2025
Mockoon has a Path Traversal and LFI in the static file serving endpoint High
CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025
RisingZero
Claude Code rg vulnerability does not protect against approval prompt bypass High
CVE-2025-58764 was published for @anthropic-ai/claude-code (npm) Sep 10, 2025
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Netty affected by MadeYouReset HTTP/2 DDoS vulnerability High
CVE-2025-55163 was published for io.netty:netty-codec-http2 (Maven) Aug 13, 2025
galbarnahum AnatBB
YanivRL
DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware High
CVE-2025-59037 was published for @duckdb/duckdb-wasm (npm) Sep 9, 2025
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover High
CVE-2025-58430 was published for github.com/knadh/listmonk (Go) Sep 9, 2025
r3verii
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload High
CVE-2025-58180 was published for octoprint (pip) Sep 9, 2025
prabhatverma47
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion High
CVE-2025-58063 was published for github.com/coredns/coredns (Go) Sep 9, 2025
thevilledev
jsPDF Denial of Service (DoS) High
CVE-2025-57810 was published for jspdf (npm) Aug 26, 2025
AlexRomberg
XGrammar affected by Denial of Service by infinite recursion grammars High
CVE-2025-57809 was published for xgrammar (pip) Aug 25, 2025
xendo
XWiki Blog Application: Privilege Escalation (PR) from account through blog content High
CVE-2025-58365 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Sep 8, 2025
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server High
CVE-2025-58444 was published for @modelcontextprotocol/inspector (npm) Sep 8, 2025
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
ImageMagick has a Stack Buffer Overflow in image.c High
CVE-2025-53101 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
SKOPS Card.get_model happily allows arbitrary code execution High
CVE-2025-54886 was published for skops (pip) Aug 7, 2025
io-no
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database