Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,999
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,583 advisories

Loading
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a... Low Unreviewed
CVE-2025-23340 was published Sep 24, 2025
NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a... Low Unreviewed
CVE-2025-23346 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may... Low Unreviewed
CVE-2025-23339 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may... Low Unreviewed
CVE-2025-23308 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a... Low Unreviewed
CVE-2025-23248 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a... Low Unreviewed
CVE-2025-23255 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a... Low Unreviewed
CVE-2025-23271 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local... Low Unreviewed
CVE-2025-23273 was published Sep 24, 2025
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause... Low Unreviewed
CVE-2025-23338 was published Sep 24, 2025
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication... Low Unreviewed
CVE-2025-0672 was published Sep 23, 2025
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
DNN Vulnerable to Stored XSS Using Backend Admin Credentials Low
CVE-2025-59546 was published for DotNetNuke.Core (NuGet) Sep 23, 2025
bdukes david-poindexter
valadas
Credited to bdukes, david-poindexter, and valadas
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting... Low Unreviewed
CVE-2025-58009 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows... Low Unreviewed
CVE-2025-58012 was published Sep 22, 2025
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown... Low Unreviewed
CVE-2025-10778 was published Sep 22, 2025
A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the... Low Unreviewed
CVE-2025-10767 was published Sep 22, 2025
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21470 was published Sep 19, 2025
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21469 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside... Low Unreviewed
CVE-2025-59691 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the... Low Unreviewed
CVE-2025-59692 was published Sep 19, 2025
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming... Low Unreviewed
CVE-2025-30187 was published Sep 18, 2025
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival Low
CVE-2025-59414 was published for nuxt (npm) Sep 17, 2025
apyatko
Credited to apyatko
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database