Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,299
NuGet
760
pip
4,078
Pub
12
RubyGems
957
Rust
1,060
Swift
45
Unreviewed advisories
All unreviewed
5,000+

114,595 advisories

Loading
The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP)... High Unreviewed
CVE-2025-62674 was published Nov 20, 2025
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6... High Unreviewed
CVE-2025-52668 was published Nov 20, 2025
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users... High Unreviewed
CVE-2025-52670 was published Nov 20, 2025
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF)... High Unreviewed
CVE-2025-64770 was published Nov 20, 2025
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the... High Unreviewed
CVE-2025-63685 was published Nov 20, 2025
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit... High Unreviewed
CVE-2025-63807 was published Nov 20, 2025
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in... High Unreviewed
CVE-2025-48986 was published Nov 20, 2025
authkit-nextjs may let session cookies be cached in CDNs High
CVE-2025-64762 was published for @workos-inc/authkit-nextjs (npm) Nov 20, 2025
@anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes High
CVE-2025-64755 was published for @anthropic-ai/claude-code (npm) Nov 20, 2025
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs High
CVE-2025-62372 was published for vllm (pip) Nov 20, 2025
DarkLight1337 ywang96
Isotr0py russellb
Credited to DarkLight1337, ywang96, Isotr0py, and russellb
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, and ywang96
The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows... High Unreviewed
CVE-2025-63889 was published Nov 20, 2025
Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which... High Unreviewed
CVE-2025-12121 was published Nov 20, 2025
Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a... High Unreviewed
CVE-2025-12120 was published Nov 20, 2025
An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 -... High Unreviewed
CVE-2025-60738 was published Nov 20, 2025
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with... High Unreviewed
CVE-2025-62730 was published Nov 20, 2025
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak... High Unreviewed
CVE-2025-62294 was published Nov 20, 2025
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates High
CVE-2025-65106 was published for langchain-core (pip) Nov 20, 2025
0xn3va
Credited to 0xn3va
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code... High Unreviewed
CVE-2025-13446 was published Nov 20, 2025
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an... High Unreviewed
CVE-2025-13433 was published Nov 20, 2025
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform... High Unreviewed
CVE-2025-13445 was published Nov 20, 2025
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote... High Unreviewed
CVE-2025-40601 was published Nov 20, 2025
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which... High Unreviewed
CVE-2025-11676 was published Nov 20, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2025-0643 was published Nov 20, 2025
Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and... High Unreviewed
CVE-2025-0645 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database