Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,423 advisories

Loading
Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly... Low Unreviewed
CVE-2025-0885 was published Jul 3, 2025
The distributed engine of Secret Server versions 11.7.49 and earlier can be exploited during an... Low Unreviewed
CVE-2025-6942 was published Jul 2, 2025
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm Low
CVE-2024-56128 was published for org.apache.kafka:kafka_2.10 (Maven) Dec 18, 2024
In affected versions of Octopus Server error messages were handled unsafely on the error page. If... Low Unreviewed
CVE-2025-0513 was published Feb 11, 2025
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that... Low Unreviewed
CVE-2025-6943 was published Jul 2, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-53492 was published Jul 2, 2025
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message... Low Unreviewed
CVE-2025-24335 was published Jul 2, 2025
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the... Low Unreviewed
CVE-2025-24334 was published Jul 2, 2025
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. Low Unreviewed
CVE-2015-0849 was published Jun 27, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow Low
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 withdrawn
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force... Low Unreviewed
CVE-2025-52916 was published Jun 22, 2025
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce... Low Unreviewed
CVE-2025-40710 was published Jun 30, 2025
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption... Low Unreviewed
CVE-2015-20112 was published Jun 29, 2025
An integer underflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28902 was published Jun 28, 2025
An integer overflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28903 was published Jun 28, 2025
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
zkVM Underconstrained Vulnerability Low
CVE-2025-52484 was published for risc0-circuit-rv32im (Rust) Jun 20, 2025
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
tal-sealsecurity
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database