GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
126,605 advisories
Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}.
Moderate · Unreviewed · CVE-2025-44595 was published Sep 9, 2025
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as ...
Moderate · Unreviewed · CVE-2025-44593 was published Sep 9, 2025
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not...
Moderate · Unreviewed · CVE-2025-34178 was published Sep 9, 2025
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not...
Moderate · Unreviewed · CVE-2025-34176 was published Sep 9, 2025
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not...
Moderate · Unreviewed · CVE-2025-34177 was published Sep 9, 2025
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read...
Moderate · Unreviewed · CVE-2025-54239 was published Sep 9, 2025
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read...
Moderate · Unreviewed · CVE-2025-54241 was published Sep 9, 2025
After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read...
Moderate · Unreviewed · CVE-2025-54240 was published Sep 9, 2025
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC...
Moderate · Unreviewed · CVE-2025-54083 was published Sep 9, 2025
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Moderate · Unreviewed · CVE-2025-55054 was published Sep 9, 2025
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on...
Moderate · Unreviewed · CVE-2025-36011 was published Sep 9, 2025
IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross...
Moderate · Unreviewed · CVE-2025-36125 was published Sep 9, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate · Unreviewed · CVE-2025-47415 was published Sep 9, 2025
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a...
Moderate · Unreviewed · CVE-2025-54255 was published Sep 9, 2025
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter...
Moderate · Unreviewed · CVE-2025-34175 was published Sep 9, 2025
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is...
Moderate · Unreviewed · CVE-2025-34173 was published Sep 9, 2025
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is...
Moderate · Unreviewed · CVE-2025-34174 was published Sep 9, 2025
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent...
Moderate · Unreviewed · CVE-2025-34172 was published Sep 9, 2025
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Moderate · Unreviewed · CVE-2025-55052 was published Sep 9, 2025
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the...
Moderate · Unreviewed · CVE-2025-10164 was published Sep 9, 2025
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown...
Moderate · Unreviewed · CVE-2025-5500 was published Sep 9, 2025
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server...
Moderate · Unreviewed · CVE-2025-9269 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field...
Moderate · Unreviewed · CVE-2025-57540 was published Sep 9, 2025
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter...
Moderate · Unreviewed · CVE-2025-57539 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API.