Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,820 advisories

Loading
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels Low
CVE-2025-13083 was published for drupal/core (Composer) Nov 18, 2025
An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3,... Low Unreviewed
CVE-2025-54821 was published Nov 18, 2025
Mattermost allows other users to determine when users had read channels via channel member objects Low
CVE-2025-55074 was published for github.com/mattermost/mattermost-server (Go) Nov 18, 2025
Drupal Simple multi step form allows Cross-Site Scripting Low
CVE-2025-12761 was published for drupal/simple_multistep (Composer) Nov 18, 2025
LibreNMS has Weak Password Policy Low
CVE-2025-65014 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an... Low Unreviewed
CVE-2025-64734 was published Nov 18, 2025
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without... Low Unreviewed
CVE-2025-12792 was published Nov 18, 2025
Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution... Low Unreviewed
CVE-2025-63292 was published Nov 17, 2025
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy... Low Unreviewed
CVE-2025-65083 was published Nov 17, 2025
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10... Low Unreviewed
CVE-2025-60022 was published Nov 17, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4... Low Unreviewed
CVE-2025-6945 was published Nov 15, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18... Low Unreviewed
CVE-2025-12983 was published Nov 15, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18... Low Unreviewed
CVE-2025-7736 was published Nov 15, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and... Low Unreviewed
CVE-2025-11990 was published Nov 15, 2025
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users Low
CVE-2025-64711 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard rugk
Ribas160
Credited to esnard, rugk, and Ribas160
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Low Unreviewed
CVE-2025-54342 was published Nov 14, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows... Low Unreviewed
CVE-2025-4617 was published Nov 14, 2025
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1... Low Unreviewed
CVE-2025-54559 was published Nov 14, 2025
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma®... Low Unreviewed
CVE-2025-4616 was published Nov 14, 2025
Mattermost allows regular users to access archived channel content and files Low
CVE-2025-41436 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
SpiceDB WriteRelationships fails silently if payload is too big Low
CVE-2025-64529 was published for github.com/authzed/spicedb (Go) Nov 13, 2025
Astro development server error page is vulnerable to reflected Cross-site Scripting Low
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
pHo9UBenaA delucis
florian-lefebvre
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control... Low Unreviewed
CVE-2025-46370 was published Nov 13, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database