GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,628 advisories
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote...
High
Unreviewed
CVE-2025-54306
was published
Dec 4, 2025
A flaw was found in Undertow that can cause remote denial of service attacks. When the server...
High
Unreviewed
CVE-2024-3884
was published
Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10,...
Moderate
Unreviewed
CVE-2025-20389
was published
Dec 3, 2025
Claude Code Command Validation Bypass Allows Arbitrary Code Execution
High
CVE-2025-66032
was published
for
@anthropic-ai/claude-code
(npm)
Dec 3, 2025
FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management
Moderate
CVE-2025-65657
was published
for
feehi/cms
(Composer)
Dec 2, 2025
mdast-util-to-hast has unsanitized class attribute
Moderate
CVE-2025-66400
was published
for
mdast-util-to-hast
(npm)
Dec 2, 2025
Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video...
Moderate
Unreviewed
CVE-2025-63095
was published
Dec 1, 2025
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware...
High
Unreviewed
CVE-2025-26858
was published
Dec 1, 2025
NutzBoot vulnerable to deserialization
Low
CVE-2025-13805
was published
for
org.nutz:nutzboot-parent
(Maven)
Dec 1, 2025
A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the...
High
Unreviewed
CVE-2025-0658
was published
Nov 27, 2025
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on...
Moderate
Unreviewed
CVE-2025-13762
was published
Nov 27, 2025
Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica...
Critical
Unreviewed
CVE-2025-66259
was published
Nov 26, 2025
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by...
High
Unreviewed
CVE-2025-0248
was published
Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause...
Moderate
Unreviewed
CVE-2025-33191
was published
Nov 25, 2025
A Looker user with Developer role could create a database connection using Denodo driver and, by...
High
Unreviewed
CVE-2025-12741
was published
Nov 24, 2025
A Looker user with a Developer role could create a database connection using IBM DB2 driver and,...
High
Unreviewed
CVE-2025-12740
was published
Nov 24, 2025
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple...
Moderate
Unreviewed
CVE-2025-11936
was published
Nov 22, 2025
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in...
Low
Unreviewed
CVE-2025-11934
was published
Nov 22, 2025
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on...
Low
Unreviewed
CVE-2025-11933
was published
Nov 22, 2025
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is...
Low
Unreviewed
CVE-2025-12889
was published
Nov 22, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE
High
CVE-2025-62164
was published
for
vllm
(pip)
Nov 20, 2025
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which...
High
Unreviewed
CVE-2025-11676
was published
Nov 20, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code...
Critical
Unreviewed
CVE-2025-63213
was published
Nov 19, 2025
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-12842
was published
Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API