Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,564 advisories

Loading
In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead... High Unreviewed
CVE-2025-32318 was published Sep 5, 2025
Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows... High Unreviewed
CVE-2025-48317 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows... High Unreviewed
CVE-2025-48104 was published Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-53307 was published Sep 5, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-58206 was published Sep 5, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-58214 was published Sep 5, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2025-57889 was published Sep 5, 2025
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air... High Unreviewed
CVE-2025-30199 was published Sep 5, 2025
In System UI, there is a possible way to view other users' images due to a confused deputy. This... High Unreviewed
CVE-2025-32320 was published Sep 5, 2025
Some payload elements of the messages sent between two stations in a networking architecture are... High Unreviewed
CVE-2025-9999 was published Sep 5, 2025
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app... High Unreviewed
CVE-2025-26450 was published Sep 5, 2025
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots... High Unreviewed
CVE-2025-26452 was published Sep 5, 2025
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the... High Unreviewed
CVE-2025-26440 was published Sep 5, 2025
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap... High Unreviewed
CVE-2025-26455 was published Sep 5, 2025
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle... High Unreviewed
CVE-2025-32312 was published Sep 5, 2025
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's... High Unreviewed
CVE-2025-32347 was published Sep 4, 2025
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact... High Unreviewed
CVE-2025-32346 was published Sep 4, 2025
In multiple locations, there is a possible memory corruption due to a use after free. This could... High Unreviewed
CVE-2025-32332 was published Sep 4, 2025
NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that... High Unreviewed
CVE-2025-23258 was published Sep 5, 2025
NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an... High Unreviewed
CVE-2025-23257 was published Sep 5, 2025
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release... High Unreviewed
CVE-2023-21475 was published Sep 5, 2025
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release... High Unreviewed
CVE-2023-21476 was published Sep 5, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert... High Unreviewed
CVE-2021-20039 was published Dec 9, 2021
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database