GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,737
Maven: 5,000+
npm: 4,337
NuGet: 764
pip: 4,112
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
144,824 advisories

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores...
Moderate | Unreviewed | CVE-2025-36017 was published Dec 9, 2025

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could...
Moderate | Unreviewed | CVE-2025-36015 was published Dec 9, 2025

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service...
Moderate | Unreviewed | CVE-2025-36140 was published Dec 9, 2025

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is...
Moderate | Unreviewed | CVE-2025-33111 was published Dec 9, 2025

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user...
Moderate | Unreviewed | CVE-2025-64650 was published Dec 9, 2025

Static Web Server vulnerable to a symbolic link path traversal
Moderate | CVE-2025-67487 was published for static-web-server (Rust) | Dec 8, 2025

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate | CVE-2025-66470 was published for nicegui (pip) | Dec 8, 2025

A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music...
Moderate | Unreviewed | CVE-2025-65229 was published Dec 8, 2025

Altcha Proof-of-Work obfuscation mode cryptanalytic break
Moderate | CVE-2025-65849 was published for altcha (npm) | Dec 8, 2025

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate | CVE-2025-66469 was published for nicegui (pip) | Dec 8, 2025

Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which...
Moderate | Unreviewed | CVE-2025-65804 was published Dec 8, 2025

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a...
Moderate | Unreviewed | CVE-2025-48608 was published Dec 8, 2025

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this...
Moderate | Unreviewed | CVE-2025-14258 was published Dec 8, 2025

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is...
Moderate | Unreviewed | CVE-2025-14259 was published Dec 8, 2025

In multiple locations, there is a possible permanent denial of service due to resource exhaustion...
Moderate | Unreviewed | CVE-2025-48569 was published Dec 8, 2025

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap...
Moderate | Unreviewed | CVE-2025-59391 was published Dec 8, 2025

memos vulnerability allows arbitrarily modification or deletion registered identity providers
Moderate | CVE-2025-65797 was published for github.com/usememos/memos (Go) | Dec 8, 2025

Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated...
Moderate | Unreviewed | CVE-2025-65363 was published Dec 8, 2025

memos lacks file name validation or verification
Moderate | CVE-2025-65799 was published for github.com/usememos/memos (Go) | Dec 8, 2025

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer...
Moderate | Unreviewed | CVE-2025-48622 was published Dec 8, 2025

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there...
Moderate | Unreviewed | CVE-2025-48576 was published Dec 8, 2025

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the...
Moderate | Unreviewed | CVE-2025-48584 was published Dec 8, 2025

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak...
Moderate | Unreviewed | CVE-2025-48610 was published Dec 8, 2025

In multiple locations, there is a possible way to create a large amount of app ops due to a logic...
Moderate | Unreviewed | CVE-2025-48607 was published Dec 8, 2025

In multiple locations, there is a possible way to alter the primary user's face unlock settings...
Moderate | Unreviewed | CVE-2025-48598 was published Dec 8, 2025

ProTip! Advisories are also available from the GraphQL API.