GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,759
Composer 5,034
Erlang 39
GitHub Actions 38
Go 2,680
Maven 6,120
npm 4,300
NuGet 760
pip 4,078
Pub 12
RubyGems 958
Rust 1,061
Swift 45

Unreviewed advisories

All unreviewed 278,167

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

92 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

There is a Denial of Service（DoS）vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed

CVE-2025-46583 was published Oct 27, 2025

A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed

CVE-2025-11712 was published Oct 14, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed

CVE-2025-0607 was published Oct 6, 2025

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed

CVE-2025-46703 was published Sep 19, 2025

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed

CVE-2025-48007 was published Sep 19, 2025

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed

CVE-2025-57880 was published Sep 19, 2025

In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed

CVE-2025-0083 was published Aug 27, 2025

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed

CVE-2025-6429 was published Jun 26, 2025

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed

CVE-2025-25029 was published May 28, 2025

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed

CVE-2025-5271 was published May 27, 2025

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed

CVE-2025-3942 was published May 22, 2025

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed

CVE-2021-25262 was published May 21, 2025

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed

CVE-2025-4084 was published Apr 29, 2025

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding... Moderate Unreviewed

CVE-2025-23377 was published Apr 28, 2025

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Moderate Unreviewed

CVE-2025-32078 was published Apr 11, 2025

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed

CVE-2025-32072 was published Apr 11, 2025

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon ... Moderate Unreviewed

CVE-2025-30657 was published Apr 9, 2025

Improper encoding or escaping of output vulnerability in the webapi component in Synology... Moderate Unreviewed

CVE-2024-50629 was published Mar 19, 2025

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed

CVE-2023-35894 was published Mar 7, 2025

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed

CVE-2024-49355 was published Feb 20, 2025

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,... Moderate Unreviewed

CVE-2024-56473 was published Feb 6, 2025

Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue... Moderate Unreviewed

CVE-2024-56277 was published Jan 21, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user... Moderate Unreviewed

CVE-2024-52891 was published Jan 7, 2025

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab... Moderate Unreviewed

CVE-2024-47224 was published Oct 21, 2024

A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33... Moderate Unreviewed

CVE-2024-40088 was published Oct 21, 2024

Previous1…4 Next

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

92 advisories