Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,752 advisories

Loading
Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported... Low Unreviewed
CVE-2025-53051 was published Oct 21, 2025
uv has differential in tar extraction with PAX headers Low
GHSA-w476-p2h3-79g9 was published for uv (pip) Oct 21, 2025
woodruffw zanieb
Credited to woodruffw and zanieb
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that... Low Unreviewed
CVE-2025-11624 was published Oct 21, 2025
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown... Low Unreviewed
CVE-2025-9806 was published Oct 21, 2025
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4... Low Unreviewed
CVE-2025-5496 was published Oct 21, 2025
SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could... Low Unreviewed
CVE-2025-8052 was published Oct 20, 2025
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting... Low Unreviewed
CVE-2025-8049 was published Oct 20, 2025
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting... Low Unreviewed
CVE-2025-8053 was published Oct 20, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Oct 20, 2025
waltjones brianr
Credited to waltjones and brianr
TastyIgniter vulnerable to Cross-Site Scripting Low
CVE-2025-61417 was published for tastyigniter/tastyigniter (Composer) Oct 20, 2025
Tileservice module is affected by information leak vulnerability, successful exploitation of this... Low Unreviewed
CVE-2025-57837 was published Oct 20, 2025
A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the... Low Unreviewed
CVE-2025-11947 was published Oct 20, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Low Unreviewed
CVE-2025-62655 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62653 was published Oct 18, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-62654 was published Oct 18, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits... Low Unreviewed
CVE-2025-62643 was published Oct 17, 2025
Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module Low
CVE-2025-62505 was published for @lobehub/chat (npm) Oct 17, 2025
im-soohyun
Credited to im-soohyun
radare2 v5.9.8 and before contains a memory leak in the function bochs_open. Low Unreviewed
CVE-2025-60361 was published Oct 17, 2025
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init. Low Unreviewed
CVE-2025-60360 was published Oct 17, 2025
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to... Low Unreviewed
CVE-2025-11896 was published Oct 17, 2025
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability Low
CVE-2025-62412 was published for librenms/librenms (Composer) Oct 16, 2025
zdi-disclosures
Credited to zdi-disclosures
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability Low
CVE-2025-61581 was published for github.com/apache/trafficcontrol/v8 (Go) Oct 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database