Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,676 advisories

Loading
Wasmtime vulnerable to segfault when using component resources Low
CVE-2025-62711 was published for wasmtime (Rust) Oct 27, 2025
alexcrichton
Credited to alexcrichton
Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless... Low Unreviewed
CVE-2025-26862 was published Oct 27, 2025
ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a... Low Unreviewed
CVE-2025-11248 was published Oct 27, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and... Low Unreviewed
CVE-2025-6601 was published Oct 27, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18... Low Unreviewed
CVE-2025-11989 was published Oct 27, 2025
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU... Low Unreviewed
CVE-2025-12221 was published Oct 25, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-11888 was published Oct 25, 2025
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address... Low Unreviewed
CVE-2025-11244 was published Oct 25, 2025
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. Low Unreviewed
CVE-2025-47820 was published Jun 27, 2025
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. Low Unreviewed
CVE-2025-47818 was published Jun 27, 2025
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before... Low Unreviewed
CVE-2025-10723 was published Oct 24, 2025
Magento does not properly protect credentials Low
CVE-2025-27192 was published for magento/community-edition (Composer) Apr 8, 2025
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
vet MCP Server SSE Transport DNS Rebinding Vulnerability Low
CVE-2025-59163 was published for github.com/safedep/vet (Go) Sep 29, 2025
eharris128
Credited to eharris128
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Credited to smira and Unix4ever
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in... Low Unreviewed
CVE-2025-1680 was published Oct 23, 2025
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). ... Low Unreviewed
CVE-2025-61755 was published Oct 21, 2025
Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported... Low Unreviewed
CVE-2025-53051 was published Oct 21, 2025
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that... Low Unreviewed
CVE-2025-61749 was published Oct 21, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2025-61748 was published Oct 21, 2025
Magento Authenticated Security feature bypass Low
CVE-2025-49549 was published for magento/community-edition (Composer) Jun 26, 2025
Mattermost Server allows System Admin to modify LDAP account names and email addresses Low
CVE-2016-11077 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database