Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,428 advisories

Loading
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata Low
CVE-2025-55304 was published for Exiv2 (pip) Aug 29, 2025
gluck-pwn
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file Low
CVE-2025-54080 was published for Exiv2 (pip) Aug 29, 2025
dragonArthurX
Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in... Low Unreviewed
CVE-2025-9071 was published Aug 29, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app... Low Unreviewed
CVE-2024-44271 was published Aug 29, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS... Low Unreviewed
CVE-2025-43255 was published Aug 29, 2025
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious... Low Unreviewed
CVE-2025-48979 was published Aug 29, 2025
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown... Low Unreviewed
CVE-2025-9589 was published Aug 29, 2025
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an... Low Unreviewed
CVE-2025-9577 was published Aug 28, 2025
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token Low
GHSA-3rw9-wmc8-8948 was published for github.com/coder/coder/v2 (Go) Aug 28, 2025
spikecurtis
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown... Low Unreviewed
CVE-2025-9576 was published Aug 28, 2025
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is... Low Unreviewed
CVE-2025-51643 was published Aug 28, 2025
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows ... Low Unreviewed
CVE-2025-35112 was published Aug 27, 2025
ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash Low
CVE-2025-55212 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
amethyst0225 leehohojune
jin-156
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function... Low Unreviewed
CVE-2025-9474 was published Aug 26, 2025
On affected platforms running Arista EOS, the global common encryption key configuration may be... Low Unreviewed
CVE-2025-3456 was published Aug 26, 2025
ImageMagick has a heap-buffer-overflow Low
GHSA-fff3-4rp7-px97 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
hardik05
ImageMagick has a Memory Leak in magick stream Low
CVE-2025-53019 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip YutoIn
iwashiira utshina
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename Low
CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
momo-trip iwashiira
utshina on-keyday
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This... Low Unreviewed
CVE-2025-9383 was published Aug 24, 2025
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an... Low Unreviewed
CVE-2025-9381 was published Aug 24, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,... Low Unreviewed
CVE-2025-54812 was published Aug 22, 2025
DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via... Low Unreviewed
CVE-2025-55455 was published Aug 22, 2025
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety Low
GHSA-655h-hg88-5qmf was published for xcb (Rust) Aug 22, 2025
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7
Bouncy Castle for Java has Out-of-Bounds Write Vulnerability Low
CVE-2025-9340 was published for org.bouncycastle:bc-fips (Maven) Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database