Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,111
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,039 advisories

Loading
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a... Moderate Unreviewed
CVE-2025-54255 was published Sep 9, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2025-47415 was published Sep 9, 2025
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP... Moderate Unreviewed
CVE-2025-43786 was published Sep 9, 2025
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is... Moderate Unreviewed
CVE-2025-34174 was published Sep 9, 2025
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter... Moderate Unreviewed
CVE-2025-34175 was published Sep 9, 2025
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is... Moderate Unreviewed
CVE-2025-34173 was published Sep 9, 2025
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent... Moderate Unreviewed
CVE-2025-34172 was published Sep 9, 2025
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Moderate Unreviewed
CVE-2025-55052 was published Sep 9, 2025
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128,... Moderate Unreviewed
CVE-2025-43781 was published Sep 9, 2025
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the... Moderate Unreviewed
CVE-2025-10164 was published Sep 9, 2025
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and... Moderate Unreviewed
CVE-2025-43775 was published Sep 9, 2025
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
TinyEnv: Missing .env file not required — may cause unexpected behavior Moderate
CVE-2025-58758 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server... Moderate Unreviewed
CVE-2025-9269 was published Sep 9, 2025
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown... Moderate Unreviewed
CVE-2025-5500 was published Sep 9, 2025
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured... Moderate Unreviewed
CVE-2025-58979 was published Sep 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows... Moderate Unreviewed
CVE-2025-58977 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58983 was published Sep 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross... Moderate Unreviewed
CVE-2025-58975 was published Sep 9, 2025
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital... Moderate Unreviewed
CVE-2025-58976 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58984 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58987 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58990 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58982 was published Sep 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2025-58988 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database