GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below...
High • Unreviewed • CVE-2025-8557 was published Sep 11, 2025

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in...
High • Unreviewed • CVE-2025-54351 was published Aug 3, 2025

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used,...
Critical • Unreviewed • CVE-2025-54309 was published Jul 18, 2025

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in...
Critical • Unreviewed • CVE-2025-52921 was published Jun 23, 2025

ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing...
Low • Unreviewed • CVE-2025-52969 was published Jun 23, 2025

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which...
Low • Unreviewed • CVE-2025-52968 was published Jun 23, 2025

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation...
Moderate • Unreviewed • CVE-2023-52718 was published Dec 28, 2024

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of...
High • Unreviewed • CVE-2023-7266 was published Dec 28, 2024

Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
High • GHSA-85qf-6845-m8p2 was published for github.com/juju/juju (Go) Oct 2, 2024 • withdrawn

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to...
High • Unreviewed • CVE-2024-6242 was published Aug 1, 2024

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature...
Critical • Unreviewed • CVE-2023-20198 was published Oct 16, 2023

NI MeasurementLink Python Services Improper Access Restriction vulnerability
High • CVE-2023-4570 was published for ni-measurementlink-service (pip) Oct 5, 2023

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and...
Critical • Unreviewed • CVE-2023-31241 was published May 22, 2023

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system...
Moderate • Unreviewed • CVE-2023-0317 was published Apr 19, 2023

Docker Swarm encrypted overlay network may be unauthenticated
High • CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023

Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Moderate • CVE-2023-28842 was published for github.com/docker/docker (Go) Apr 4, 2023

Improper Authentication in Kubernetes
High • CVE-2020-8558 was published for k8s.io/kubernetes (Go) Feb 15, 2022