Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

5,154 advisories

Loading
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the... Moderate Unreviewed
CVE-2025-10164 was published Sep 9, 2025
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2025-54247 was published Sep 9, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2025-54250 was published Sep 9, 2025
Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an... Moderate Unreviewed
CVE-2025-53809 was published Sep 9, 2025
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group... Moderate Unreviewed
CVE-2025-10061 was published Sep 5, 2025
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1... Moderate Unreviewed
CVE-2023-21472 was published Sep 5, 2025
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1... Moderate Unreviewed
CVE-2023-21473 was published Sep 5, 2025
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to... Moderate Unreviewed
CVE-2025-48538 was published Sep 4, 2025
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops... Moderate Unreviewed
CVE-2025-48559 was published Sep 4, 2025
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to... Moderate Unreviewed
CVE-2025-26429 was published Sep 4, 2025
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to... Moderate Unreviewed
CVE-2025-26426 was published Sep 4, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Next.js Content Injection Vulnerability for Image Optimization Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
kristianmagas medikoo
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10... Moderate Unreviewed
CVE-2025-57220 was published Aug 28, 2025
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with... Moderate Unreviewed
CVE-2025-9195 was published Aug 28, 2025
IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse... Moderate Unreviewed
CVE-2025-36114 was published Aug 20, 2025
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability.... Moderate Unreviewed
CVE-2025-52620 was published Aug 16, 2025
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all... Moderate Unreviewed
CVE-2025-7507 was published Aug 15, 2025
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is... Moderate Unreviewed
CVE-2025-8963 was published Aug 14, 2025
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform... Moderate Unreviewed
CVE-2025-25005 was published Aug 12, 2025
Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R)... Moderate Unreviewed
CVE-2025-27537 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database