Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

111,583 advisories

Loading
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below... High Unreviewed
CVE-2025-8557 was published Sep 11, 2025
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to... High Unreviewed
CVE-2025-21034 was published Sep 11, 2025
Axios is vulnerable to DoS attack through lack of data size check High
CVE-2025-58754 was published for axios (npm) Sep 11, 2025
AmeerAssadi
Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass High
CVE-2025-43790 was published for com.liferay:com.liferay.object.service (Maven) Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... High Unreviewed
CVE-2025-58144 was published Sep 11, 2025
[This CNA information record relates to multiple CVEs; the text explains which aspects... High Unreviewed
CVE-2025-58145 was published Sep 11, 2025
Prebid.js NPM package briefly compromised High
CVE-2025-59038 was published for prebid.js (npm) Sep 11, 2025
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data... High Unreviewed
CVE-2025-9018 was published Sep 11, 2025
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. High Unreviewed
CVE-2025-58320 was published Sep 11, 2025
The User Meta – User Profile Builder and User management plugin plugin for WordPress is... High Unreviewed
CVE-2025-9693 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2025-9874 was published Sep 11, 2025
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server ... High Unreviewed
CVE-2025-9918 was published Sep 11, 2025
The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection... High Unreviewed
CVE-2025-8417 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-8425 was published Sep 11, 2025
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-8422 was published Sep 11, 2025
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id'... High Unreviewed
CVE-2025-9073 was published Sep 11, 2025
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges... High Unreviewed
CVE-2025-9059 was published Sep 11, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage High
CVE-2025-59052 was published for @angular/platform-server (npm) Sep 10, 2025
alan-agius4 jelbourn
josephperrott thePunderWoman atscott jkrems
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a... High Unreviewed
CVE-2025-10200 was published Sep 10, 2025
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0... High Unreviewed
CVE-2025-10201 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow... High Unreviewed
CVE-2025-57615 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference... High Unreviewed
CVE-2025-57613 was published Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid... High Unreviewed
CVE-2025-57614 was published Sep 10, 2025
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components High
GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) Sep 10, 2025
xml2rfc is vulnerable to arbitrary file reads through prepped files High
GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) Sep 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database