Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,070 advisories

Loading
YesWiki Cross Site Scripting vulnerability Moderate
CVE-2025-52277 was published for yeswiki/yeswiki (Composer) Sep 9, 2025
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter... Moderate Unreviewed
CVE-2025-57570 was published Sep 10, 2025
oasys v1.1 is vulnerable to Directory Traversal in ProcedureController. Moderate Unreviewed
CVE-2025-29592 was published Sep 10, 2025
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter... Moderate Unreviewed
CVE-2025-57569 was published Sep 10, 2025
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList... Moderate Unreviewed
CVE-2025-57571 was published Sep 10, 2025
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose... Moderate Unreviewed
CVE-2025-57573 was published Sep 10, 2025
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an... Moderate Unreviewed
CVE-2025-10033 was published Sep 6, 2025
Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList... Moderate Unreviewed
CVE-2025-57572 was published Sep 10, 2025
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged... Moderate Unreviewed
CVE-2024-47120 was published Sep 10, 2025
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a remote... Moderate Unreviewed
CVE-2024-45669 was published Sep 10, 2025
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than... Moderate Unreviewed
CVE-2024-45671 was published Sep 10, 2025
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a... Moderate Unreviewed
CVE-2025-9714 was published Sep 10, 2025
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is... Moderate Unreviewed
CVE-2025-10211 was published Sep 10, 2025
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP... Moderate Unreviewed
CVE-2025-43784 was published Sep 10, 2025
A security flaw has been discovered in Papermerge DMS up to 3.5.3. This issue affects some... Moderate Unreviewed
CVE-2025-10209 was published Sep 10, 2025
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function... Moderate Unreviewed
CVE-2025-10210 was published Sep 10, 2025
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128,... Moderate Unreviewed
CVE-2025-43783 was published Sep 10, 2025
TYPO3 CMS uses insufficient entropy when generating passwords Moderate
CVE-2025-59015 was published for typo3/cms-core (Composer) Sep 9, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
TinyEnv: Missing .env file not required — may cause unexpected behavior Moderate
CVE-2025-58758 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments Moderate
CVE-2025-57816 was published for ethyca-fides (pip) Sep 8, 2025
daveqnet eastandwestwind
erosselli
KaTeX \htmlData does not validate attribute names Moderate
CVE-2025-23207 was published for katex (npm) Jan 17, 2025
nsysean edemaine
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database