Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,583 advisories

Loading
XWiki Blog Application: Privilege Escalation (PR) from account through blog content High
CVE-2025-58365 was published for org.xwiki.contrib.blog:application-blog-ui (Maven) Sep 8, 2025
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
N8N's Chat Trigger component is vulnerable to XSS High
CVE-2025-56265 was published for @n8n/n8n-nodes-langchain (npm) Sep 8, 2025
Django is subject to SQL injection through its column aliases High
CVE-2025-57833 was published for Django (pip) Sep 8, 2025
JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a... High Unreviewed
CVE-2025-40930 was published Sep 8, 2025
FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app... High Unreviewed
CVE-2025-56630 was published Sep 8, 2025
JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when... High Unreviewed
CVE-2025-40928 was published Sep 8, 2025
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a... High Unreviewed
CVE-2025-55998 was published Sep 8, 2025
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due... High Unreviewed
CVE-2025-36855 was published Sep 8, 2025
A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based... High Unreviewed
CVE-2025-36853 was published Sep 8, 2025
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when... High Unreviewed
CVE-2025-36854 was published Sep 8, 2025
Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the... High Unreviewed
CVE-2025-55852 was published Sep 8, 2025
A low-privileged remote attacker could gain unauthorized access to critical resources, such as... High Unreviewed
CVE-2025-41664 was published Sep 8, 2025
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller... High Unreviewed
CVE-2025-41682 was published Sep 8, 2025
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An... High Unreviewed
CVE-2025-41708 was published Sep 8, 2025
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to... High Unreviewed
CVE-2025-8085 was published Sep 8, 2025
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local... High Unreviewed
CVE-2025-0032 was published Sep 6, 2025
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker... High Unreviewed
CVE-2024-36354 was published Sep 6, 2025
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections... High Unreviewed
CVE-2024-36326 was published Sep 6, 2025
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow... High Unreviewed
CVE-2024-36342 was published Sep 6, 2025
Improper input validation in the AMD Graphics Driver could allow an attacker to supply a... High Unreviewed
CVE-2024-36352 was published Sep 6, 2025
Improper input validation in the system management mode (SMM) could allow a privileged attacker... High Unreviewed
CVE-2024-21947 was published Sep 6, 2025
Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to... High Unreviewed
CVE-2023-31325 was published Sep 6, 2025
Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability... High Unreviewed
CVE-2023-31322 was published Sep 6, 2025
A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat... High Unreviewed
CVE-2025-10034 was published Sep 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database