Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,750 advisories

Loading
Astro development server error page vulnerable to reflected Cross-site Scripting Low
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
pHo9UBenaA delucis
florian-lefebvre
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control... Low Unreviewed
CVE-2025-46370 was published Nov 13, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve... Low Unreviewed
CVE-2025-12817 was published Nov 13, 2025
Wasmtime provides unsound API access to a WebAssembly shared linear memory Low
CVE-2025-64345 was published for wasmtime (Rust) Nov 12, 2025
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch... Low Unreviewed
CVE-2025-63396 was published Nov 12, 2025
sudo-rs: Partial password reveal is possible after timeout Low
CVE-2025-64170 was published for sudo-rs (Rust) Nov 12, 2025
DevLaTron bjorn3
MggMuggins squell
Credited to DevLaTron, bjorn3, MggMuggins, and squell
changedetection.io: Stored XSS in Watch update via API Low
CVE-2025-62780 was published for changedetection.io (pip) Nov 12, 2025
edoardottt
Credited to edoardottt
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20378 was published Nov 12, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20379 was published Nov 12, 2025
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the... Low Unreviewed
CVE-2025-3717 was published Nov 11, 2025
When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the... Low Unreviewed
CVE-2025-41116 was published Nov 11, 2025
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User... Low Unreviewed
CVE-2025-32037 was published Nov 11, 2025
Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within... Low Unreviewed
CVE-2025-27712 was published Nov 11, 2025
Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS... Low Unreviewed
CVE-2025-25216 was published Nov 11, 2025
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within... Low Unreviewed
CVE-2025-24314 was published Nov 11, 2025
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Low Unreviewed
CVE-2025-24307 was published Nov 11, 2025
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version... Low Unreviewed
CVE-2025-24862 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit Low Unreviewed
CVE-2025-64773 was published Nov 11, 2025
Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU... Low Unreviewed
CVE-2025-20622 was published Nov 11, 2025
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR... Low Unreviewed
CVE-2025-12940 was published Nov 11, 2025
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and... Low Unreviewed
CVE-2025-13015 was published Nov 11, 2025
It was possible to upload files with a specific name to a temporary directory, which may result... Low Unreviewed
CVE-2025-8998 was published Nov 11, 2025
Migration Workbench (DX Workbench) in SAP NetWeaver Application Server for ABAP fails to trigger... Low Unreviewed
CVE-2025-42883 was published Nov 11, 2025
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple... Low Unreviewed
CVE-2025-63678 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database