Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,391 advisories

Loading
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System... High Unreviewed
CVE-2025-59373 was published Nov 25, 2025
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the... Moderate Unreviewed
CVE-2025-64996 was published Nov 18, 2025
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due... High Unreviewed
CVE-2025-34323 was published Nov 17, 2025
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The... Moderate Unreviewed
CVE-2024-32014 was published Nov 11, 2025
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The... High Unreviewed
CVE-2024-32010 was published Nov 11, 2025
An ACAP configuration file has improper permissions, which could allow command injection and... Moderate Unreviewed
CVE-2025-6779 was published Nov 11, 2025
An ACAP configuration file has improper permissions and lacks input validation, which could... Moderate Unreviewed
CVE-2025-8108 was published Nov 11, 2025
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to... Moderate Unreviewed
CVE-2025-43079 was published Nov 10, 2025
KubeVirt Vulnerable to Arbitrary Host File Read and Write High
CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) Nov 7, 2025
mihailkirov Faeris95
jean-edouard
Credited to mihailkirov, Faeris95, and jean-edouard
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft... Moderate Unreviewed
CVE-2025-64319 was published Nov 4, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce... Moderate Unreviewed
CVE-2025-64322 was published Nov 4, 2025
Tampering of the registry entries might have led to preventing the ESET security products from... Moderate Unreviewed
CVE-2025-4952 was published Oct 31, 2025
Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which... High Unreviewed
CVE-2025-34287 was published Oct 31, 2025
Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets... Moderate Unreviewed
CVE-2025-34135 was published Oct 31, 2025
A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system... Moderate Unreviewed
CVE-2025-11906 was published Oct 30, 2025
On affected platforms, restricted users could use SSH port forwarding to access host-internal... High Unreviewed
CVE-2025-54546 was published Oct 30, 2025
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell... High Unreviewed
CVE-2025-54545 was published Oct 30, 2025
An incorrect permission assignment for a critical resource vulnerability was discovered in... Moderate Unreviewed
CVE-2025-62688 was published Oct 24, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation... Critical Unreviewed
CVE-2025-12004 was published Oct 21, 2025
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with... Moderate Unreviewed
CVE-2025-31702 was published Oct 15, 2025
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in... High Unreviewed
CVE-2025-57741 was published Oct 14, 2025
Liferay has Incorrect Permission Assignment for Critical Resource Moderate
CVE-2025-62251 was published for com.liferay:com.liferay.site.navigation.menu.item.asset.vocabulary (Maven) Oct 14, 2025
MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their... High Unreviewed
CVE-2025-10751 was published Oct 4, 2025
IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security... Moderate Unreviewed
CVE-2025-36193 was published Sep 29, 2025
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY... High Unreviewed
CVE-2025-10541 was published Sep 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database