Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,395
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,203 advisories

Loading
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11... Low Unreviewed
CVE-2025-5982 was published Jun 12, 2025
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be... Low Unreviewed
CVE-2025-49198 was published Jun 12, 2025
An incorrect default permissions vulnerability was reported in the MotoSignature application that... Low Unreviewed
CVE-2025-1699 was published Jun 11, 2025
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could... Low Unreviewed
CVE-2025-1698 was published Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module.... Low Unreviewed
CVE-2025-5991 was published Jun 11, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2025-47096 was published Jun 11, 2025
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0.... Low Unreviewed
CVE-2025-22829 was published Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-2x5j-vhc8-9cwm was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF... Low Unreviewed
CVE-2025-36576 was published Jun 10, 2025
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in... Low Unreviewed
CVE-2025-22251 was published Jun 10, 2025
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before &... Low Unreviewed
CVE-2023-29184 was published Jun 10, 2025
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML... Low Unreviewed
CVE-2025-42990 was published Jun 10, 2025
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an... Low Unreviewed
CVE-2025-42988 was published Jun 10, 2025
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post... Low Unreviewed
CVE-2025-0036 was published Jun 10, 2025
A vulnerability has been identified in the libarchive library, specifically within the... Low Unreviewed
CVE-2025-5914 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw can be triggered when... Low Unreviewed
CVE-2025-5918 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one'... Low Unreviewed
CVE-2025-5917 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap... Low Unreviewed
CVE-2025-5915 was published Jun 9, 2025
A vulnerability has been identified in the libarchive library. This flaw involves an integer... Low Unreviewed
CVE-2025-5916 was published Jun 9, 2025
brace-expansion Regular Expression Denial of Service vulnerability Low
CVE-2025-5889 was published for brace-expansion (npm) Jun 9, 2025
turi4200 carboneater
viceice
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
mhassan1
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. Low Unreviewed
CVE-2025-27242 was published Jun 8, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-25217 was published Jun 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database