GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,963
  Erlang: 39
  GitHub Actions: 38
  Go: 2,615
  Maven: 5,000+
  npm: 4,255
  NuGet: 760
  pip: 4,036
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
            12,668 advisories
                    
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential...
Low | Unreviewed | CVE-2025-64352 was published Oct 31, 2025
                    
If the value passed to os.path.expandvars() is user-controlled a performance degradation is...
Low | Unreviewed | CVE-2025-6075 was published Oct 31, 2025
                    
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows...
Low | Unreviewed | CVE-2025-64350 was published Oct 31, 2025
                    
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on...
Low | Unreviewed | CVE-2025-36249 was published Oct 31, 2025
                    
QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to...
Low | Unreviewed | CVE-2025-23050 was published Oct 31, 2025
                    
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor...
Low | Unreviewed | CVE-2025-8850 was published Oct 30, 2025
                    
Credits Page not Matching Versions in Use in the Firmware. This issue affects BLU-IC2: through 1.19...
Low | Unreviewed | CVE-2025-12517 was published Oct 30, 2025
                    
Byaidu PDFMathTranslate vulnerable to open redirect
Low | CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
                    
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Low | GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
                    
Drupal Umami Analytics allows Cross-Site Scripting (XSS)
Low | CVE-2025-10931 was published for drupal/umami_analytics (Composer) Oct 30, 2025
                    
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some...
Low | Unreviewed | CVE-2025-10636 was published Oct 30, 2025
                    
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax...
Low | Unreviewed | CVE-2025-58183 was published Oct 30, 2025
                    
A vulnerability has been identified in the libarchive library, specifically within the...
Low | Unreviewed | CVE-2025-5914 was published Jun 9, 2025
                    
LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability...
Low | Unreviewed | CVE-2025-11203 was published Oct 29, 2025
                    
Keycloak allows access to admin path through flaw
Low | CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Oct 28, 2025
                    
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function...
Low | Unreviewed | CVE-2025-11640 was published Oct 12, 2025
                    
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is...
Low | Unreviewed | CVE-2025-11644 was published Oct 12, 2025
                    
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
Low | CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
                    
A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This...
Low | Unreviewed | CVE-2025-8515 was published Aug 4, 2025
                    
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8049 was published Oct 20, 2025
                    
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could...
Low | Unreviewed | CVE-2025-8052 was published Oct 20, 2025
                    
Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session...
Low | Unreviewed | CVE-2024-49709 was published Apr 14, 2025
                    
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting...
Low | Unreviewed | CVE-2025-8053 was published Oct 20, 2025
                    
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
Low | CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
                    
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
Low | CVE-2025-61677 was published for datachain (pip) Oct 2, 2025
        
ProTip! Advisories are also available from the GraphQL API