Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

143,487 advisories

Loading
When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules... Moderate Unreviewed
CVE-2025-13437 was published Nov 20, 2025
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information,... Moderate Unreviewed
CVE-2025-36161 was published Nov 20, 2025
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1... Moderate Unreviewed
CVE-2024-10126 was published Nov 20, 2024
In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null... Moderate Unreviewed
CVE-2025-38274 was published Jul 10, 2025
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious... Moderate Unreviewed
CVE-2025-59112 was published Nov 18, 2025
Windu CMS implements weak client-side brute-force protection by using parameter loginError.... Moderate Unreviewed
CVE-2025-59113 was published Nov 18, 2025
Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /_image endpoint Moderate
CVE-2025-65019 was published for astro (npm) Nov 19, 2025
zomaxsec
Credited to zomaxsec
marimo vulnerable to proxy abuse of /mpl/{port}/ Moderate
GHSA-xjv7-6w92-42r7 was published for marimo (pip) Oct 1, 2025
acepace
Credited to acepace
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read Moderate
CVE-2025-47914 was published for golang.org/x/crypto (Go) Nov 19, 2025
leonklingele
Credited to leonklingele
Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page... Moderate Unreviewed
CVE-2025-59117 was published Nov 18, 2025
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with... Moderate Unreviewed
CVE-2025-64984 was published Nov 20, 2025
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects... Moderate Unreviewed
CVE-2025-41075 was published Nov 20, 2025
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by... Moderate Unreviewed
CVE-2025-41076 was published Nov 20, 2025
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2025-5092 was published Nov 20, 2025
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An... Moderate Unreviewed
CVE-2025-62346 was published Nov 20, 2025
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some... Moderate Unreviewed
CVE-2025-13449 was published Nov 20, 2025
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects... Moderate Unreviewed
CVE-2025-41074 was published Nov 20, 2025
A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3... Moderate Unreviewed
CVE-2025-13469 was published Nov 20, 2025
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this... Moderate Unreviewed
CVE-2025-13442 was published Nov 20, 2025
The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is... Moderate Unreviewed
CVE-2025-12778 was published Nov 20, 2025
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects... Moderate Unreviewed
CVE-2025-13468 was published Nov 20, 2025
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-13434 was published Nov 20, 2025
A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is... Moderate Unreviewed
CVE-2025-13451 was published Nov 20, 2025
A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown... Moderate Unreviewed
CVE-2025-13450 was published Nov 20, 2025
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the... Moderate Unreviewed
CVE-2025-13443 was published Nov 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database