Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,129 advisories

Loading
xgrammar vulnerable to denial of service by huge enum grammar Moderate
CVE-2025-58446 was published for xgrammar (pip) Sep 5, 2025
xendo
secrets-store-sync-controller discloses service account tokens in logs Moderate
CVE-2025-7445 was published for sigs.k8s.io/secrets-store-sync-controller (Go) Sep 5, 2025
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side Moderate
CVE-2025-58369 was published for co.fs2:fs2-io_0.26 (Maven) Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross... Moderate Unreviewed
CVE-2025-27003 was published Sep 5, 2025
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to... Moderate Unreviewed
CVE-2025-26434 was published Sep 5, 2025
In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could... Moderate Unreviewed
CVE-2025-32316 was published Sep 5, 2025
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could... Moderate Unreviewed
CVE-2025-32317 was published Sep 5, 2025
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due... Moderate Unreviewed
CVE-2024-0028 was published Sep 5, 2025
Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2025-54744 was published Sep 5, 2025
The sequence of packets received by a Networking server are not correctly checked. An attacker... Moderate Unreviewed
CVE-2025-9998 was published Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-48105 was published Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-48103 was published Sep 5, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-48102 was published Sep 5, 2025
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured... Moderate Unreviewed
CVE-2025-53571 was published Sep 5, 2025
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function... Moderate Unreviewed
CVE-2025-10013 was published Sep 5, 2025
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized... Moderate Unreviewed
CVE-2025-26448 was published Sep 5, 2025
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data... Moderate Unreviewed
CVE-2025-26453 was published Sep 5, 2025
In multiple locations, there is a possible way to persistently DoS the device due to a missing... Moderate Unreviewed
CVE-2025-26432 was published Sep 5, 2025
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds... Moderate Unreviewed
CVE-2025-26441 was published Sep 5, 2025
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to... Moderate Unreviewed
CVE-2025-26437 was published Sep 5, 2025
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect... Moderate Unreviewed
CVE-2025-26442 was published Sep 5, 2025
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a... Moderate Unreviewed
CVE-2025-26445 was published Sep 5, 2025
In multiple locations, there is a possible permanent denial of service due to resource exhaustion... Moderate Unreviewed
CVE-2025-26449 was published Sep 5, 2025
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding... Moderate Unreviewed
CVE-2025-26463 was published Sep 5, 2025
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server... Moderate Unreviewed
CVE-2025-26456 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database