Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,299
NuGet
760
pip
4,078
Pub
12
RubyGems
957
Rust
1,060
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,593 advisories

Loading
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by... High Unreviewed
CVE-2025-0248 was published Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause... Moderate Unreviewed
CVE-2025-33191 was published Nov 25, 2025
A Looker user with a Developer role could create a database connection using IBM DB2 driver and,... High Unreviewed
CVE-2025-12740 was published Nov 24, 2025
A Looker user with Developer role could create a database connection using Denodo driver and, by... High Unreviewed
CVE-2025-12741 was published Nov 24, 2025
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in... Low Unreviewed
CVE-2025-11934 was published Nov 22, 2025
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple... Moderate Unreviewed
CVE-2025-11936 was published Nov 22, 2025
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on... Low Unreviewed
CVE-2025-11933 was published Nov 22, 2025
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is... Low Unreviewed
CVE-2025-12889 was published Nov 22, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, and ywang96
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which... High Unreviewed
CVE-2025-11676 was published Nov 20, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12842 was published Nov 19, 2025
CWE-20 Improper Input Validation Moderate Unreviewed
CVE-2025-55058 was published Nov 17, 2025
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager,... High Unreviewed
CVE-2025-13319 was published Nov 17, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-64747 was published for directus (npm) Nov 14, 2025
Cl0wnK1n9
Credited to Cl0wnK1n9
Improper neutralization of special elements used in a command ('command injection') in Visual... High Unreviewed
CVE-2025-62222 was published Nov 11, 2025
Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring... High Unreviewed
CVE-2025-33000 was published Nov 11, 2025
Improper input validation for some Intel QuickAssist Technology software before version 2.6.0... Moderate Unreviewed
CVE-2025-30509 was published Nov 11, 2025
Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2... Moderate Unreviewed
CVE-2025-31948 was published Nov 11, 2025
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... High Unreviewed
CVE-2025-24299 was published Nov 11, 2025
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed
CVE-2025-24847 was published Nov 11, 2025
Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before... Moderate Unreviewed
CVE-2025-24512 was published Nov 11, 2025
Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS... Low Unreviewed
CVE-2025-25216 was published Nov 11, 2025
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows... Moderate Unreviewed
CVE-2025-12944 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database