GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
109,805 advisories
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12,...
High | Unreviewed | CVE-2025-8034 was published Jul 22, 2025

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This...
High | Unreviewed | CVE-2025-8029 was published Jul 22, 2025

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing...
High | Unreviewed | CVE-2025-8036 was published Jul 22, 2025

XSLT document loading did not correctly propagate the source document which bypassed its CSP....
High | Unreviewed | CVE-2025-8032 was published Jul 22, 2025

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user...
High | Unreviewed | CVE-2025-8030 was published Jul 22, 2025

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and...
High | Unreviewed | CVE-2025-8040 was published Jul 22, 2025

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0,...
High | Unreviewed | CVE-2025-8035 was published Jul 22, 2025

In some cases search terms persisted in the URL bar even after navigating away from the search...
High | Unreviewed | CVE-2025-8039 was published Jul 22, 2025

A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message...
High | Unreviewed | CVE-2025-36520 was published Jul 22, 2025

A null pointer dereference vulnerability exists in the Distributed Transaction component of...
High | Unreviewed | CVE-2025-48498 was published Jul 22, 2025

A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation...
High | Unreviewed | CVE-2025-46354 was published Jul 22, 2025

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds...
High | Unreviewed | CVE-2025-5042 was published Jul 22, 2025

Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote attackers to write arbitrary...
High | Unreviewed | CVE-2025-51463 was published Jul 22, 2025

Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0...
High | Unreviewed | CVE-2025-51480 was published Jul 22, 2025

Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai...
High | Unreviewed | CVE-2025-51482 was published Jul 22, 2025

Use of weak credentials in emergency authentication component in Devolutions Server allows an...
High | Unreviewed | CVE-2025-6523 was published Jul 22, 2025

Improper access control in secure message component in Devolutions Server allows an authenticated...
High | Unreviewed | CVE-2025-6741 was published Jul 22, 2025

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated...
High | Unreviewed | CVE-2025-8019 was published Jul 22, 2025

A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a...
High | Unreviewed | CVE-2025-36512 was published Jul 22, 2025

A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message...
High | Unreviewed | CVE-2025-35966 was published Jul 22, 2025

Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to...
High | Unreviewed | CVE-2025-51865 was published Jul 22, 2025

A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected...
High | Unreviewed | CVE-2025-8017 was published Jul 22, 2025

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions,...
High | Unreviewed | CVE-2015-10140 was published Jul 22, 2025

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms)....
High | Unreviewed | CVE-2025-34140 was published Jul 22, 2025

Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
High | CVE-2025-53942 was published for goauthentik.io (Go) Jul 22, 2025

ProTip! Advisories are also available from the GraphQL API