Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,291
NuGet
760
pip
4,070
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,510 advisories

Loading
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter Critical
GHSA-547r-qmjm-8hvw was published for md-to-pdf (npm) Nov 20, 2025
Prodigysec
Credited to Prodigysec
@hpke/core reuses AEAD nonces Critical
CVE-2025-64767 was published for @hpke/core (npm) Nov 20, 2025
panva
Credited to panva
An attacker could take over a Looker account in a Looker instance configured with OIDC... Critical Unreviewed
CVE-2025-12414 was published Nov 20, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An... Critical Unreviewed
CVE-2025-13315 was published Nov 19, 2025
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is... Critical Unreviewed
CVE-2025-63210 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34329 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34328 was published Nov 19, 2025
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper... Critical Unreviewed
CVE-2025-63224 was published Nov 19, 2025
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. Critical Unreviewed
CVE-2025-12592 was published Nov 19, 2025
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable... Critical Unreviewed
CVE-2025-63218 was published Nov 19, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-10437 was published Nov 19, 2025
Apache Causeway vulnerable to deserialization in Java Critical
CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven) Nov 19, 2025
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as... Critical Unreviewed
CVE-2025-12057 was published Nov 19, 2025
When the service of ABP and AES is installed in a directory writable by non-administrative users,... Critical Unreviewed
CVE-2025-13051 was published Nov 19, 2025
The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to... Critical Unreviewed
CVE-2025-63216 was published Nov 19, 2025
The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper... Critical Unreviewed
CVE-2025-63217 was published Nov 19, 2025
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an... Critical Unreviewed
CVE-2025-63228 was published Nov 18, 2025
Modular Max Serve has Unsafe Deserialization vulnerability Critical
CVE-2025-60455 was published for modular (pip) Nov 18, 2025
The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access... Critical Unreviewed
CVE-2025-63225 was published Nov 18, 2025
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password... Critical Unreviewed
CVE-2025-54321 was published Nov 18, 2025
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php... Critical Unreviewed
CVE-2025-63695 was published Nov 18, 2025
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user... Critical Unreviewed
CVE-2025-56643 was published Nov 18, 2025
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. Critical Unreviewed
CVE-2025-63694 was published Nov 18, 2025
Eclipse Jersey has a Race Condition Critical
CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025
irene221b
Credited to irene221b
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
ooliv
Credited to ooliv
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database