Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,583 advisories

Loading
NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an... High Unreviewed
CVE-2025-23257 was published Sep 5, 2025
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release... High Unreviewed
CVE-2023-21475 was published Sep 5, 2025
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release... High Unreviewed
CVE-2023-21476 was published Sep 5, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert... High Unreviewed
CVE-2021-20039 was published Dec 9, 2021
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
Hono's flaw in URL path parsing could cause path confusion High
CVE-2025-58362 was published for hono (npm) Sep 3, 2025
mwlik imenyoo2
Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter High
CVE-2025-58179 was published for @astrojs/cloudflare (npm) Sep 4, 2025
ghostdevv monizb
alexanderniebuhr ascorbic ematipico delucis
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time High
CVE-2025-54413 was published for skops (pip) Jul 25, 2025
io-no
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an... High Unreviewed
CVE-2025-26431 was published Sep 4, 2025
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of... High Unreviewed
CVE-2025-48534 was published Sep 4, 2025
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a... High Unreviewed
CVE-2025-26439 was published Sep 4, 2025
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that... High Unreviewed
CVE-2025-3246 was published Apr 18, 2025
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers... High Unreviewed
CVE-2024-10001 was published Jan 29, 2025
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. High Unreviewed
CVE-2025-58780 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly allows Stored XSS.... High Unreviewed
CVE-2025-58859 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light... High Unreviewed
CVE-2025-58853 was published Sep 5, 2025
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP... High Unreviewed
CVE-2025-58855 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes allows Reflected XSS. This... High Unreviewed
CVE-2025-58848 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel allows Stored... High Unreviewed
CVE-2025-58844 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video allows... High Unreviewed
CVE-2025-58843 was published Sep 5, 2025
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu... High Unreviewed
CVE-2025-58839 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial.... High Unreviewed
CVE-2025-58846 was published Sep 5, 2025
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect allows Object... High Unreviewed
CVE-2025-58833 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database