Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,893
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,582 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue... Low Unreviewed
CVE-2025-52634 was published Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue... Low Unreviewed
CVE-2025-52630 was published Oct 10, 2025
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  ... Low Unreviewed
CVE-2025-52625 was published Oct 10, 2025
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6... Low Unreviewed
CVE-2025-52655 was published Oct 10, 2025
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows... Low Unreviewed
CVE-2025-21046 was published Oct 10, 2025
drupal-pattern-lab/unified-twig-extensions is vulnerable to XXS Low
CVE-2025-11570 was published for drupal-pattern-lab/unified-twig-extensions (Composer) Oct 10, 2025
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4... Low Unreviewed
CVE-2025-32916 was published Oct 9, 2025
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire... Low Unreviewed
CVE-2025-5009 was published Oct 8, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This... Low Unreviewed
CVE-2025-11489 was published Oct 8, 2025
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera
Credited to dellalibera
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43910 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43909 was published Oct 7, 2025
Generation of Predictable Numbers or Identifiers vulnerability in B&R Industrial Automation... Low Unreviewed
CVE-2025-3449 was published Oct 7, 2025
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to... Low Unreviewed
CVE-2025-61985 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain... Low Unreviewed
CVE-2025-61984 was published Oct 6, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct... Low Unreviewed
CVE-2025-59447 was published Oct 6, 2025
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace... Low Unreviewed
CVE-2025-58589 was published Oct 6, 2025
A user with the appropriate authorization can create any number of user accounts via an API ... Low Unreviewed
CVE-2025-58578 was published Oct 6, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function... Low Unreviewed
CVE-2025-11281 was published Oct 5, 2025
MCPHub's ServerController is vulnerable to Command Injection Low
CVE-2025-11285 was published for @samanhappy/mcphub (npm) Oct 5, 2025
HCL MyXalytics  6.6.  product is affected by Use of Vulnerable/Outdated Versions Vulnerability Low Unreviewed
CVE-2025-52658 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database