Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,750 advisories

Loading
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of... Low Unreviewed
CVE-2025-64686 was published Nov 10, 2025
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit Low Unreviewed
CVE-2025-64682 was published Nov 10, 2025
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via... Low Unreviewed
CVE-2025-64681 was published Nov 10, 2025
EverShop is vulnerable to Unauthorized Order Information Access (IDOR) Low
CVE-2025-12919 was published for @evershop/evershop (npm) Nov 9, 2025
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The... Low Unreviewed
CVE-2025-12918 was published Nov 9, 2025
A relative path traversal vulnerability has been reported to affect Download Station. If a remote... Low Unreviewed
CVE-2025-58463 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a... Low Unreviewed
CVE-2025-58465 was published Nov 7, 2025
A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The... Low Unreviewed
CVE-2025-58469 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-52865 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53412 was published Nov 7, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote... Low Unreviewed
CVE-2025-53408 was published Nov 7, 2025
An allocation of resources without limits or throttling vulnerability has been reported to affect... Low Unreviewed
CVE-2025-53411 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote... Low Unreviewed
CVE-2025-54168 was published Nov 7, 2025
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a... Low Unreviewed
CVE-2025-57706 was published Nov 7, 2025
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to... Low Unreviewed
CVE-2025-11219 was published Nov 7, 2025
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses Low
GHSA-w2jf-268q-mrvh was published for github.com/opentofu/opentofu (Go) Nov 6, 2025
Open redirect endpoint in Datasette Low
CVE-2025-64481 was published for datasette (pip) Nov 6, 2025
jamesjefferies
Credited to jamesjefferies
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
jermanuts nijel
Credited to jermanuts and nijel
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to... Low Unreviewed
CVE-2025-21077 was published Nov 5, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2025-43408 was published Nov 4, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and... Low Unreviewed
CVE-2025-43423 was published Nov 4, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma... Low Unreviewed
CVE-2025-43395 was published Nov 4, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in... Low Unreviewed
CVE-2025-43365 was published Nov 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database