GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,395 advisories
A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous...
Low | Unreviewed | CVE-2025-10043 was published Sep 5, 2025

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of...
Low | Unreviewed | CVE-2025-9725 was published Sep 5, 2025

Atlantis Exposes Service Version Publicly on /status API Endpoint
Low | CVE-2025-58445 was published for github.com/runatlantis/atlantis (Go) Sep 5, 2025

ImageMagick BlobStream Forward-Seek Under-Allocation
Low | CVE-2025-57807 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Sep 5, 2025

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a...
Low | Unreviewed | CVE-2025-30200 was published Sep 5, 2025

In Permission Manager, there is a possible way for the microphone privacy indicator to remain...
Low | Unreviewed | CVE-2025-26461 was published Sep 5, 2025

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of...
Low | Unreviewed | CVE-2025-10014 was published Sep 5, 2025

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a...
Low | Unreviewed | CVE-2025-30198 was published Sep 5, 2025

Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to...
Low | Unreviewed | CVE-2025-21038 was published Sep 5, 2025

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows...
Low | Unreviewed | CVE-2023-21471 was published Sep 5, 2025

Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3...
Low | Unreviewed | CVE-2025-21040 was published Sep 5, 2025

Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to...
Low | Unreviewed | CVE-2025-21039 was published Sep 5, 2025

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami...
Low | Unreviewed | CVE-2025-58866 was published Sep 5, 2025

Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board...
Low | Unreviewed | CVE-2025-58827 was published Sep 5, 2025

Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows...
Low | Unreviewed | CVE-2025-58816 was published Sep 5, 2025

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade...
Low | Unreviewed | CVE-2024-21977 was published Sep 5, 2025

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic...
Low | Unreviewed | CVE-2025-26419 was published Sep 4, 2025

In multiple locations, there is a possible way to view icons belonging to another user due to a...
Low | Unreviewed | CVE-2025-0076 was published Sep 4, 2025

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a...
Low | Unreviewed | CVE-2025-26428 was published Sep 4, 2025

Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
Low | CVE-2025-58056 was published for io.netty:netty-codec-http (Maven) Sep 4, 2025

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM...
Low | Unreviewed | CVE-2025-2667 was published Sep 4, 2025

PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
Low | GHSA-vxmw-7h4f-hqxh was published for pypa/gh-action-pypi-publish (GitHub Actions) Sep 4, 2025

Weblate has a long session expiry when verifying second factor
Low | CVE-2025-58352 was published for Weblate (pip) Sep 4, 2025

Mautic vulnerable to SSRF via webhook function
Low | CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package
Low | CVE-2025-58064 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 3, 2025