Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,421 advisories

Loading
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS)... Low Unreviewed
CVE-2025-9910 was published Sep 11, 2025
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown... Low Unreviewed
CVE-2025-10216 was published Sep 10, 2025
Decap CMS Cross Site Scripting (XSS) vulnerability Low
CVE-2025-57520 was published for decap-cms (npm) Sep 10, 2025
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog dominikg
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly... Low Unreviewed
CVE-2025-8277 was published Sep 9, 2025
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The... Low Unreviewed
CVE-2025-40803 was published Sep 9, 2025
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The... Low Unreviewed
CVE-2025-40802 was published Sep 9, 2025
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable... Low Unreviewed
CVE-2025-42927 was published Sep 9, 2025
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an... Low Unreviewed
CVE-2025-42914 was published Sep 9, 2025
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an... Low Unreviewed
CVE-2025-42913 was published Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the... Low Unreviewed
CVE-2024-48341 was published Sep 8, 2025
Fides has a Lack of Brute-Force Protections on Authentication Endpoints Low
CVE-2025-57815 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher daveqnet
Fides' Admin UI User Password Change Does Not Invalidate Current Session Low
CVE-2025-57766 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher adamsachs
daveqnet
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023... Low Unreviewed
CVE-2023-21466 was published Sep 8, 2025
A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue... Low Unreviewed
CVE-2025-10080 was published Sep 8, 2025
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If... Low Unreviewed
CVE-2025-58422 was published Sep 8, 2025
Improper removal of sensitive information before storage or transfer in AMD Crash Defender could... Low Unreviewed
CVE-2025-0011 was published Sep 6, 2025
An integer overflow in the SMU could allow a privileged attacker to potentially write memory... Low Unreviewed
CVE-2023-31365 was published Sep 6, 2025
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious... Low Unreviewed
CVE-2023-31330 was published Sep 6, 2025
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor... Low Unreviewed
CVE-2024-36331 was published Sep 6, 2025
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a... Low Unreviewed
CVE-2021-46750 was published Sep 6, 2025
Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to... Low Unreviewed
CVE-2023-20516 was published Sep 6, 2025
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from... Low Unreviewed
CVE-2023-31326 was published Sep 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database