Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This... High Unreviewed
CVE-2025-11085 was published Nov 11, 2025
motionEye vulnerable to RCE via unsanitized motion config parameter High
CVE-2025-60787 was published for motioneye (pip) Nov 3, 2025
prabhatverma47 MichaIng
Credited to prabhatverma47 and MichaIng
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed
CVE-2025-46583 was published Oct 27, 2025
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into... High Unreviewed
CVE-2025-11713 was published Oct 14, 2025
A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed
CVE-2025-11712 was published Oct 14, 2025
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination Moderate
CVE-2025-61912 was published for python-ldap (pip) Oct 10, 2025
aradona91
Credited to aradona91
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters High
CVE-2025-61773 was published for pyload-ng (pip) Oct 9, 2025
odaysec
Credited to odaysec
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass Critical
CVE-2025-59936 was published for get-jwks (npm) Sep 26, 2025
epureionut99
Credited to epureionut99
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
EwenDC
Credited to EwenDC
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
Duplicate Advisory: Multiple issues involving quote API in shlex Low
GHSA-286m-6pg9-v42v was published for shlex (Rust) Jul 28, 2025 withdrawn
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed
CVE-2021-25262 was published May 21, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database