GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory
Moderate | CVE-2025-12119 was published for mongodb/mongodb-extension (Composer) | Nov 19, 2025
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a...
Moderate | Unreviewed | CVE-2025-61664 was published | Nov 18, 2025
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an...
Moderate | Unreviewed | CVE-2025-61663 was published | Nov 18, 2025
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader)....
Moderate | Unreviewed | CVE-2025-54771 was published | Nov 18, 2025
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an...
Moderate | Unreviewed | CVE-2025-54770 was published | Nov 18, 2025
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the...
Moderate | Unreviewed | CVE-2025-10911 was published | Sep 25, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath...
Critical | Unreviewed | CVE-2025-49794 was published | Jun 16, 2025
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML...
High | Unreviewed | CVE-2025-49795 was published | Jun 16, 2025
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks...
Moderate | Unreviewed | CVE-2025-30653 was published | Apr 9, 2025
An internal product security audit discovered a UEFI SMM (System Management Mode) callout...
Moderate | Unreviewed | CVE-2024-45105 was published | Sep 13, 2024
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service...
High | Unreviewed | CVE-2024-8250 was published | Aug 29, 2024
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause...
High | Unreviewed | CVE-2024-39792 was published | Aug 14, 2024
When an SSL profile with alert timeout is configured with a non-default value on a virtual...
Moderate | Unreviewed | CVE-2024-28889 was published | May 8, 2024
A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project...
Critical | Unreviewed | CVE-2024-23310 was published | Feb 20, 2024
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to...
High | Unreviewed | CVE-2023-20212 was published | Aug 18, 2023
Expired Pointer Dereference in NPM radare2.js prior to 5.6.2.
High | Unreviewed | CVE-2022-0523 was published | Feb 9, 2022
Memory Safety Issue when using patch or merge on state and assign the result back to state
Moderate | CVE-2021-39228 was published for tremor-script (Rust) | Sep 20, 2021