GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
5,154 advisories
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with...
Moderate | Unreviewed | CVE-2025-9195 was published Aug 28, 2025

A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This...
Moderate | Unreviewed | CVE-2025-7876 was published Jul 20, 2025

The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting...
Moderate | Unreviewed | CVE-2025-22491 was published Feb 28, 2025

IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse...
Moderate | Unreviewed | CVE-2025-36114 was published Aug 20, 2025

A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as...
Moderate | Unreviewed | CVE-2025-5497 was published Jun 3, 2025

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability....
Moderate | Unreviewed | CVE-2025-52620 was published Aug 16, 2025

The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all...
Moderate | Unreviewed | CVE-2025-7507 was published Aug 15, 2025

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is...
Moderate | Unreviewed | CVE-2025-8963 was published Aug 14, 2025

OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Moderate | CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025

Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R)...
Moderate | Unreviewed | CVE-2025-27537 was published Aug 12, 2025

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet...
Moderate | Unreviewed | CVE-2025-21086 was published Aug 12, 2025

Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may...
Moderate | Unreviewed | CVE-2025-24296 was published Aug 12, 2025

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform...
Moderate | Unreviewed | CVE-2025-25005 was published Aug 12, 2025

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration...
Moderate | Unreviewed | CVE-2025-54641 was published Aug 6, 2025

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module....
Moderate | Unreviewed | CVE-2025-54642 was published Aug 6, 2025

uv allows ZIP payload obfuscation through parsing differentials
Moderate | CVE-2025-54368 was published for uv (pip) Aug 7, 2025

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure...
Moderate | Unreviewed | CVE-2025-20184 was published Feb 5, 2025

Apache Tomcat Improper Input Validation vulnerability
Moderate | CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023

Apache CXF: Untrusted JMS configuration can lead to RCE
Moderate | CVE-2025-48913 was published for org.apache.cxf:cxf-rt-transports-jms (Maven) Aug 8, 2025

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x...
Moderate | Unreviewed | CVE-2020-3999 was published May 24, 2022

Ollama allows deletion of arbitrary files
Moderate | CVE-2025-44779 was published for github.com/ollama/ollama (Go) Aug 7, 2025

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66...
Moderate | Unreviewed | CVE-2025-8582 was published Aug 7, 2025

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the...
Moderate | Unreviewed | CVE-2025-50233 was published Aug 6, 2025

Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page
Moderate | CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM)...
Moderate | Unreviewed | CVE-2020-3538 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API.