Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

106,383 advisories

Loading
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due... High Unreviewed
CVE-2025-48583 was published Dec 8, 2025
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground... High Unreviewed
CVE-2025-48573 was published Dec 8, 2025
In connectInternal of MediaBrowser.java, there is a possible way to access while in use... High Unreviewed
CVE-2025-48580 was published Dec 8, 2025
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input... High Unreviewed
CVE-2025-48638 was published Dec 8, 2025
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear... High Unreviewed
CVE-2025-48606 was published Dec 8, 2025
In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a... High Unreviewed
CVE-2025-48633 was published Dec 8, 2025
In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a... High Unreviewed
CVE-2025-48620 was published Dec 8, 2025
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image... High Unreviewed
CVE-2025-48628 was published Dec 8, 2025
In multiple functions of NotificationStation.java, there is a possible cross-profile information... High Unreviewed
CVE-2025-48555 was published Dec 8, 2025
In multiple functions of Session.java, there is a possible way to view images belonging to a... High Unreviewed
CVE-2025-32328 was published Dec 8, 2025
In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic... High Unreviewed
CVE-2025-48588 was published Dec 8, 2025
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows... High Unreviewed
CVE-2025-65797 was published Dec 8, 2025
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer... High Unreviewed
CVE-2025-48637 was published Dec 8, 2025
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an... High Unreviewed
CVE-2025-48639 was published Dec 8, 2025
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to... High Unreviewed
CVE-2025-48627 was published Dec 8, 2025
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access... High Unreviewed
CVE-2025-48625 was published Dec 8, 2025
Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms... High Unreviewed
CVE-2025-8854 was published Aug 11, 2025
In multiple locations, there is a possible way to leak audio files across user profiles due to a... High Unreviewed
CVE-2025-22420 was published Dec 8, 2025
In multiple functions of Session.java, there is a possible way to view images belonging to a... High Unreviewed
CVE-2025-32329 was published Dec 8, 2025
This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role... High Unreviewed
CVE-2025-55948 was published Dec 4, 2025
In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue... High Unreviewed
CVE-2025-48525 was published Dec 8, 2025
The Litmus platform uses JWT for authentication and authorization, but the secret being used for... High Unreviewed
CVE-2025-14261 was published Dec 8, 2025
In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations... High Unreviewed
CVE-2025-48632 was published Dec 8, 2025
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service... High Unreviewed
CVE-2025-48631 was published Dec 8, 2025
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a... High Unreviewed
CVE-2025-48621 was published Dec 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database