Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,676
Maven
5,000+
npm
4,298
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,591 advisories

Loading
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Information disclosure may occur while processing the hypervisor log. Moderate Unreviewed
CVE-2025-27040 was published Oct 9, 2025
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server Moderate
CVE-2025-61620 was published for vllm (pip) Oct 7, 2025
key-moon Ga-ryo
ota42y Alnusjaponica Isotr0py DarkLight1337
Credited to key-moon, Ga-ryo, ota42y, Alnusjaponica, Isotr0py, and DarkLight1337
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict Moderate
CVE-2025-13033 was published for nodemailer (npm) Oct 7, 2025
xclow3n
Credited to xclow3n
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-11345 was published Oct 6, 2025
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function... Moderate Unreviewed
CVE-2025-11346 was published Oct 6, 2025
A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function... Moderate Unreviewed
CVE-2025-11273 was published Oct 5, 2025
Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter High
GHSA-26f6-wm47-7h7j was published for motioneye (pip) Oct 3, 2025 withdrawn
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the... High Unreviewed
CVE-2025-34226 was published Oct 3, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for... High Unreviewed
CVE-2025-52544 was published Oct 1, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input... High Unreviewed
CVE-2025-52547 was published Oct 1, 2025
QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing Moderate
CVE-2025-11226 was published for ch.qos.logback:logback-core (Maven) Oct 1, 2025
chrismcmacken
Credited to chrismcmacken
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload High
CVE-2025-59537 was published for github.com/argoproj/argo-cd (Go) Sep 30, 2025
s0ngsari530 jake-ciolek
crenshaw-dev blakepettersson
Credited to s0ngsari530, jake-ciolek, crenshaw-dev, and blakepettersson
MinIO Java Client XML Tag Value Substitution Vulnerability High
CVE-2025-59952 was published for io.minio:minio (Maven) Sep 29, 2025
Tanguy-Boisset pyguerder
Credited to Tanguy-Boisset and pyguerder
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders Moderate
CVE-2025-59940 was published for mkdocs-include-markdown-plugin (pip) Sep 29, 2025
mondeja
Credited to mondeja
A vulnerability was detected in pmTicket Project-Management-Software up to... Moderate Unreviewed
CVE-2025-11135 was published Sep 29, 2025
A vulnerability has been found in giantspatula SewKinect up to... Moderate Unreviewed
CVE-2025-10974 was published Sep 26, 2025
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997.... Moderate Unreviewed
CVE-2025-10975 was published Sep 26, 2025
A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue... Moderate Unreviewed
CVE-2025-10965 was published Sep 25, 2025
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning Critical
CVE-2025-59823 was published for github.com/gardener/gardener-extension-provider-aws (Go) Sep 25, 2025
petersutter kon-angelo
hebelsan JordanJordanov donistz
Credited to petersutter, kon-angelo, hebelsan, JordanJordanov, and donistz
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if... High Unreviewed
CVE-2025-40836 was published Sep 25, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
Llama Stack could potentially allow for remote code execution Moderate
CVE-2025-55178 was published for llama-stack (pip) Sep 24, 2025
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File... High Unreviewed
CVE-2025-52907 was published Sep 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database