Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,579 advisories

Loading
Grafana-Zabbix ReDoS vulnerability Moderate
CVE-2025-10630 was published for github.com/alexanderzobnin/grafana-zabbix (Go) Sep 19, 2025
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may... High Unreviewed
CVE-2025-23268 was published Sep 18, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker... Moderate Unreviewed
CVE-2025-23336 was published Sep 18, 2025
Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch Critical
GHSA-j424-mc44-f4hj was published for picklescan (pip) Sep 17, 2025 withdrawn
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
Credited to cai0duque
The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS... High Unreviewed
CVE-2025-43372 was published Sep 16, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS... Critical Unreviewed
CVE-2025-43347 was published Sep 16, 2025
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an... Moderate Unreviewed
CVE-2025-43375 was published Sep 16, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26... Critical Unreviewed
CVE-2025-43342 was published Sep 16, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43299 was published Sep 16, 2025
The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7... Moderate Unreviewed
CVE-2025-43293 was published Sep 16, 2025
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some... Moderate Unreviewed
CVE-2025-10433 was published Sep 15, 2025
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw... Moderate Unreviewed
CVE-2024-45431 was published Sep 12, 2025
A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of... Low Unreviewed
CVE-2025-10252 was published Sep 11, 2025
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation Critical
CVE-2025-54123 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via... High Unreviewed
CVE-2025-56404 was published Sep 10, 2025
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor Moderate
CVE-2025-10164 was published for sglang (pip) Sep 9, 2025
m1ssya
Credited to m1ssya
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
EwenDC
Credited to EwenDC
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2025-54247 was published Sep 9, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input... High Unreviewed
CVE-2025-54248 was published Sep 9, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input... Moderate Unreviewed
CVE-2025-54250 was published Sep 9, 2025
Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an... Moderate Unreviewed
CVE-2025-53809 was published Sep 9, 2025
Apache DolphinScheduler vulnerable to Alert Script Attack High
CVE-2024-43115 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database