GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,675
Maven: 5,000+
npm: 4,297
NuGet: 760
pip: 4,077
Pub: 12
RubyGems: 957
Rust: 1,058
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
114,558 advisories
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker...
High
Unreviewed
CVE-2025-59370
was published
Nov 25, 2025
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
High
Unreviewed
CVE-2025-13376
was published
Nov 25, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A...
High
Unreviewed
CVE-2025-59371
was published
Nov 25, 2025
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and...
High
Unreviewed
CVE-2025-13502
was published
Nov 25, 2025
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated...
High
Unreviewed
CVE-2025-12003
was published
Nov 25, 2025
A Looker user with a Developer role could cause Looker to execute a malicious command, due to...
High
Unreviewed
CVE-2025-12742
was published
Nov 25, 2025
MongoDB Server may experience an invariant failure during batched delete operations when handling...
High
Unreviewed
CVE-2025-13644
was published
Nov 25, 2025
Inconsistent object size validation in time series processing logic may result in later...
High
Unreviewed
CVE-2025-13507
was published
Nov 25, 2025
The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
High
Unreviewed
CVE-2025-13068
was published
Nov 25, 2025
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System...
High
Unreviewed
CVE-2025-59373
was published
Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
High
Unreviewed
CVE-2025-54563
was published
Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
High
Unreviewed
CVE-2025-54338
was published
Nov 25, 2025
Babylon's malformed vote extensions are not rejected
High
GHSA-2fcv-qww3-9v6h
was published
for
github.com/babylonlabs-io/babylon/v4
(Go)
Nov 24, 2025
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
High
CVE-2025-64761
was published
for
github.com/openbao/openbao
(Go)
Nov 24, 2025
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR...
High
Unreviewed
CVE-2024-14007
was published
Nov 24, 2025
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially...
High
Unreviewed
CVE-2025-48510
was published
Nov 24, 2025
Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use...
High
Unreviewed
CVE-2025-0003
was published
Nov 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0...
High
Unreviewed
CVE-2025-56400
was published
Nov 24, 2025
Improper input validation within the XOCL driver may allow a local attacker to generate an...
High
Unreviewed
CVE-2025-52538
was published
Nov 24, 2025
A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt...
High
Unreviewed
CVE-2025-52539
was published
Nov 24, 2025
Improper input validation within the XOCL driver may allow a local attacker to generate an...
High
Unreviewed
CVE-2025-0005
was published
Nov 24, 2025
new-api is vulnerable to SSRF Bypass
High
CVE-2025-62155
was published
for
github.com/QuantumNous/new-api
(Go)
Nov 24, 2025
A vulnerability has been identified in keylime where an attacker can exploit this flaw by...
High
Unreviewed
CVE-2025-13609
was published
Nov 24, 2025
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure...
High
Unreviewed
CVE-2025-63434
was published
Nov 24, 2025
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute...
High
Unreviewed
CVE-2025-60915
was published
Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API.