Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

114,413 advisories

Loading
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior... High Unreviewed
CVE-2025-36553 was published Nov 18, 2025
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3... High Unreviewed
CVE-2025-32089 was published Nov 18, 2025
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver... High Unreviewed
CVE-2025-36460 was published Nov 18, 2025
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver... High Unreviewed
CVE-2025-36461 was published Nov 18, 2025
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver... High Unreviewed
CVE-2025-36462 was published Nov 18, 2025
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver... High Unreviewed
CVE-2025-36463 was published Nov 18, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to... High Unreviewed
CVE-2025-13224 was published Nov 18, 2025
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01... High Unreviewed
CVE-2025-13305 was published Nov 18, 2025
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M... High Unreviewed
CVE-2025-13304 was published Nov 18, 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to... High Unreviewed
CVE-2025-13223 was published Nov 18, 2025
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to... High Unreviewed
CVE-2025-36118 was published Nov 17, 2025
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to... High Unreviewed
CVE-2025-36357 was published Nov 17, 2025
Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register) High
GHSA-v5w9-prxf-w882 was published for flowise (npm) Nov 17, 2025
ReeFSpeK ERANV-EVA
Credited to ReeFSpeK and ERANV-EVA
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection... High Unreviewed
CVE-2025-34322 was published Nov 17, 2025
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due... High Unreviewed
CVE-2025-34323 was published Nov 17, 2025
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware... High Unreviewed
CVE-2025-58407 was published Nov 17, 2025
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager,... High Unreviewed
CVE-2025-13319 was published Nov 17, 2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain... High Unreviewed
CVE-2025-58410 was published Nov 17, 2025
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML... High Unreviewed
CVE-2025-63917 was published Nov 17, 2025
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment"... High Unreviewed
CVE-2025-63748 was published Nov 17, 2025
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function... High Unreviewed
CVE-2025-13288 was published Nov 17, 2025
glob CLI: Command injection via -c/--cmd executes matches with shell:true High
CVE-2025-64756 was published for glob (npm) Nov 17, 2025
Gyde04 aisle-research
G-Rath bchew qwilr-altonius llwslc EinfachHans skremiec AlanGreene isaacs
Credited to Gyde04, aisle-research, G-Rath, bchew, qwilr-altonius, llwslc, EinfachHans, skremiec, AlanGreene, and isaacs
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality High
CVE-2025-62519 was published for phpmyfaq/phpmyfaq (Composer) Nov 17, 2025
XY20130630
Credited to XY20130630
In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it... High Unreviewed
CVE-2025-4321 was published Nov 17, 2025
Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an... High Unreviewed
CVE-2025-11681 was published Nov 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database