GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,894
Erlang: 38
GitHub Actions: 38
Go: 2,552
Maven: 5,000+
npm: 4,224
NuGet: 746
pip: 3,999
Pub: 12
RubyGems: 953
Rust: 1,041
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
112,524 advisories
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
  High | Unreviewed | CVE-2025-52650 was published on Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross...
  High | Unreviewed | CVE-2025-25018 was published on Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site...
  High | Unreviewed | CVE-2025-25017 was published on Oct 10, 2025
Apache StreamPark contains an Incorrect Execution-Assigned Permissions vulnerability
  High | CVE-2025-30001 was published for org.apache.streampark:streampark (Maven) on Oct 10, 2025
Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to...
  High | Unreviewed | CVE-2025-21050 was published on Oct 10, 2025
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local...
  High | Unreviewed | CVE-2025-21061 was published on Oct 10, 2025
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows...
  High | Unreviewed | CVE-2025-21062 was published on Oct 10, 2025
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to...
  High | Unreviewed | CVE-2025-21064 was published on Oct 10, 2025
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android...
  High | Unreviewed | CVE-2025-21058 was published on Oct 10, 2025
cross-zip is vulnerable to Directory Traversal through selective use of zip/unzip operations
  High | CVE-2025-11569 was published for cross-zip (npm) on Oct 10, 2025
NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file...
  High | Unreviewed | CVE-2025-61871 was published on Oct 10, 2025
Amazon.IonDotnet is vulnerable to Denial of Service attacks
  High | CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) on Oct 9, 2025
Redis Enterprise Elevation of Privilege Vulnerability
  High | Unreviewed | CVE-2025-59271 was published on Oct 9, 2025
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login...
  High | Unreviewed | CVE-2025-60375 was published on Oct 9, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote,...
  High | Unreviewed | CVE-2025-35058 was published on Oct 9, 2025
Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote,...
  High | Unreviewed | CVE-2025-35061 was published on Oct 9, 2025
Azure PlayFab Elevation of Privilege Vulnerability
  High | Unreviewed | CVE-2025-59247 was published on Oct 9, 2025
Improper neutralization of input during web page generation ('cross-site scripting') in Azure...
  High | Unreviewed | CVE-2025-55321 was published on Oct 9, 2025
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated...
  High | Unreviewed | CVE-2025-35055 was published on Oct 9, 2025
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to...
  High | Unreviewed | CVE-2016-15047 was published on Oct 9, 2025
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability...
  High | Unreviewed | CVE-2025-34248 was published on Oct 9, 2025
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem'...
  High | Unreviewed | CVE-2025-35051 was published on Oct 9, 2025
An improper input neutralization vulnerability in the management web interface of the Palo Alto...
  High | Unreviewed | CVE-2025-4615 was published on Oct 9, 2025
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
  High | Unreviewed | CVE-2025-9817 was published on Oct 9, 2025
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function...
  High | Unreviewed | CVE-2025-11550 was published on Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API.