Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0,... Critical Unreviewed
CVE-2024-35213 was published Jun 11, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input... Critical Unreviewed
CVE-2024-45169 was published Aug 22, 2024
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing... Critical Unreviewed
CVE-2017-12187 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing... Critical Unreviewed
CVE-2017-12184 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing... Critical Unreviewed
CVE-2017-12183 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension... Critical Unreviewed
CVE-2017-12185 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing... Critical Unreviewed
CVE-2017-12186 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing... Critical Unreviewed
CVE-2017-12180 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing... Critical Unreviewed
CVE-2017-12182 was published May 13, 2022
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function... Critical Unreviewed
CVE-2017-12178 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection... Critical Unreviewed
CVE-2017-12176 was published May 13, 2022
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing... Critical Unreviewed
CVE-2017-12181 was published May 13, 2022
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified... Critical Unreviewed
CVE-2025-34158 was published Aug 21, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS)... Critical Unreviewed
CVE-2025-34157 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34159 was published Aug 27, 2025
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution... Critical Unreviewed
CVE-2025-34161 was published Aug 27, 2025
cipher-base is missing type checks, leading to hash rewind and passing on crafted data Critical
CVE-2025-9287 was published for cipher-base (npm) Aug 21, 2025
ChALkeR ljharb
sha.js is missing type checks leading to hash rewind and passing on crafted data Critical
CVE-2025-9288 was published for sha.js (npm) Aug 21, 2025
ChALkeR
A security issue exists due to improper handling of malformed CIP Forward Close packets during... Critical Unreviewed
CVE-2025-7693 was published Aug 18, 2025
A vulnerability has been found in the  MSoft MFlash application that allows execution of... Critical Unreviewed
CVE-2025-9060 was published Aug 15, 2025
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This... Critical Unreviewed
CVE-2025-8876 was published Aug 14, 2025
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet... Critical Unreviewed
CVE-2025-24325 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database