Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,752 advisories

Loading
/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Low Unreviewed
CVE-2025-12603 was published Nov 1, 2025
/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1... Low Unreviewed
CVE-2025-12602 was published Nov 1, 2025
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to... Low Unreviewed
CVE-2025-11219 was published Nov 7, 2025
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU... Low Unreviewed
CVE-2025-12221 was published Oct 25, 2025
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass... Low Unreviewed
CVE-2025-8558 was published Nov 3, 2025
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
jermanuts nijel
Credited to jermanuts and nijel
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as... Low Unreviewed
CVE-2025-2349 was published Mar 17, 2025
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
G-Rath
Credited to G-Rath
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses Low
GHSA-w2jf-268q-mrvh was published for github.com/opentofu/opentofu (Go) Nov 6, 2025
Apereo CAS code injection vulnerability Low
CVE-2025-3984 was published for org.apereo.cas:cas-management-webapp-support (Maven) Apr 27, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in... Low Unreviewed
CVE-2025-43365 was published Nov 4, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and... Low Unreviewed
CVE-2025-43423 was published Nov 4, 2025
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
Django vulnerable to partial directory traversal via archives Low
CVE-2025-59682 was published for django (pip) Oct 1, 2025
Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users Low
CVE-2025-53678 was published for io.jenkins.plugins:user1st-utester (Maven) Jul 9, 2025
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form Low
CVE-2025-53661 was published for io.jenkins.plugins:testsigma (Maven) Jul 9, 2025
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to... Low Unreviewed
CVE-2025-21077 was published Nov 5, 2025
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,... Low Unreviewed
CVE-2025-54812 was published Aug 22, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Low Unreviewed
CVE-2025-55188 was published Aug 8, 2025
A transient execution vulnerability in some AMD processors may allow a user process to infer the... Low Unreviewed
CVE-2024-36348 was published Jul 8, 2025
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax... Low Unreviewed
CVE-2025-58183 was published Oct 30, 2025
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming... Low Unreviewed
CVE-2025-30187 was published Sep 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database