GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
111,540 advisories
Coder vulnerable to privilege escalation could lead to a cross workspace compromise
High: CVE-2025-58437 was published for github.com/coder/coder/v2 (Go) on Sep 5, 2025
podman kube play symlink traversal vulnerability
High: CVE-2025-9566 was published for github.com/containers/podman/v4 (Go) on Sep 4, 2025
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components
High: GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) on Sep 10, 2025
xml2rfc is vulnerable to arbitrary file reads through prepped files
High: GHSA-9mv7-3c64-mmqw was published for xml2rfc (pip) on Sep 10, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
High: CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) on Sep 10, 2025
Apache DolphinScheduler vulnerable to Alert Script Attack
High: CVE-2024-43115 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Sep 9, 2025
PyInstaller has local privilege escalation vulnerability
High: CVE-2025-59042 was published for pyinstaller (pip) on Sep 10, 2025
Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
High: CVE-2025-59041 was published for @anthropic-ai/claude-code (npm) on Sep 10, 2025
Picklescan Bypass is Possible via File Extension Mismatch
High: GHSA-jgw4-cr84-mqxg was published for picklescan (pip) on Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
High: GHSA-mjqp-26hc-grxg was published for picklescan (pip) on Sep 10, 2025
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in...
High (Unreviewed): CVE-2025-57060 was published on Sep 9, 2025
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter...
High (Unreviewed): CVE-2025-57086 was published on Sep 9, 2025
A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software...
High (Unreviewed): CVE-2025-20340 was published on Sep 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper...
High (Unreviewed): CVE-2025-43885 was published on Sep 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper...
High (Unreviewed): CVE-2025-43884 was published on Sep 10, 2025
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and...
High (Unreviewed): CVE-2025-8696 was published on Sep 10, 2025
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s)...
High (Unreviewed): CVE-2025-43725 was published on Sep 10, 2025
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of...
High (Unreviewed): CVE-2025-43888 was published on Sep 10, 2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect...
High (Unreviewed): CVE-2025-43887 was published on Sep 10, 2025
A vulnerability in the web-based management interface of Cisco Unified Communications Manager ...
High (Unreviewed): CVE-2025-20326 was published on Sep 10, 2025
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A use-after-free vulnerability...
High (Unreviewed): CVE-2025-57616 was published on Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
High: GHSA-f7qq-56ww-84cr was published for picklescan (pip) on Sep 10, 2025
Webrecorder packages are vulnerable to XSS through 404 error handling logic
High: CVE-2025-58765 was published for @webrecorder/archivewebpage (npm) on Sep 10, 2025
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122...
High (Unreviewed): CVE-2025-10199 was published on Sep 9, 2025
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking...
High (Unreviewed): CVE-2025-10198 was published on Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API.