GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,670
Maven: 5,000+
npm: 4,296
NuGet: 760
pip: 4,075
Pub: 12
RubyGems: 957
Rust: 1,058
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,341 advisories

mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura,...
High | Unreviewed | CVE-2025-61118 was published Oct 30, 2025

ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta...
High | Unreviewed | CVE-2025-61115 was published Oct 30, 2025

AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed...
High | Unreviewed | CVE-2025-61116 was published Oct 30, 2025

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API...
High | Unreviewed | CVE-2025-61113 was published Oct 30, 2025

Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul...
High | Unreviewed | CVE-2025-61117 was published Oct 30, 2025

An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control...
High | Unreviewed | CVE-2025-56558 was published Oct 29, 2025

Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by...
High | Unreviewed | CVE-2025-61234 was published Oct 29, 2025

Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows...
High | Unreviewed | CVE-2025-61156 was published Oct 29, 2025

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a...
High | Unreviewed | CVE-2025-60800 was published Oct 28, 2025

Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.
High | Unreviewed | CVE-2025-60354 was published Oct 28, 2025

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not...
High | Unreviewed | CVE-2025-54968 was published Oct 27, 2025

Improper access control in Azure Notification Service allows an authorized attacker to elevate...
High | Unreviewed | CVE-2025-59500 was published Oct 24, 2025

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges...
High | Unreviewed | CVE-2025-59273 was published Oct 24, 2025

Kottster app reinitialization can be re-triggered allowing command injection in development mode
High | CVE-2025-62713 was published for @kottster/server (npm) on Oct 23, 2025

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block...
High | Unreviewed | CVE-2025-62290 was published Oct 21, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
High | Unreviewed | CVE-2025-61760 was published Oct 21, 2025

Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that...
High | Unreviewed | CVE-2025-61763 was published Oct 21, 2025

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics ...
High | Unreviewed | CVE-2025-53049 was published Oct 21, 2025

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts...
High | Unreviewed | CVE-2025-56219 was published Oct 20, 2025

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality ...
High | Unreviewed | CVE-2025-61541 was published Oct 16, 2025

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4...
High | Unreviewed | CVE-2025-61543 was published Oct 16, 2025

Improper access control in Azure Monitor Agent allows an authorized attacker to elevate...
High | Unreviewed | CVE-2025-59494 was published Oct 14, 2025

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to...
High | Unreviewed | CVE-2025-59199 was published Oct 14, 2025

Improper access control in Network Connection Status Indicator (NCSI) allows an authorized...
High | Unreviewed | CVE-2025-59201 was published Oct 14, 2025

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker...
High | Unreviewed | CVE-2025-59230 was published Oct 14, 2025

ProTip! Advisories are also available from the GraphQL API