Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,807
Erlang
36
GitHub Actions
31
Go
2,390
Maven
5,000+
npm
4,026
NuGet
720
pip
3,815
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,198 advisories

Loading
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message... Low Unreviewed
CVE-2025-24335 was published Jul 2, 2025
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the... Low Unreviewed
CVE-2025-24334 was published Jul 2, 2025
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. Low Unreviewed
CVE-2015-0849 was published Jun 27, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow Low
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 withdrawn
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force... Low Unreviewed
CVE-2025-52916 was published Jun 22, 2025
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce... Low Unreviewed
CVE-2025-40710 was published Jun 30, 2025
Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode Low
CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption... Low Unreviewed
CVE-2015-20112 was published Jun 29, 2025
An integer overflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28903 was published Jun 28, 2025
An integer underflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28902 was published Jun 28, 2025
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
zkVM Underconstrained Vulnerability Low
CVE-2025-52484 was published for risc0-circuit-rv32im (Rust) Jun 20, 2025
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
tal-sealsecurity
Vault Community Edition rekey and recovery key operations can cause denial of service Low
CVE-2025-4656 was published for github.com/hashicorp/vault (Go) Jun 26, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from... Low Unreviewed
CVE-2025-46415 was published Jun 27, 2025
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can... Low Unreviewed
CVE-2025-46416 was published Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database