Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,820 advisories

Loading
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android.... Low Unreviewed
CVE-2025-14111 was published Dec 6, 2025
Envoy forwards early CONNECT data in TCP proxy mode Low
CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
yanavlasov agrawroh
Credited to botengyao, phlax, yanavlasov, and agrawroh
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an... Low Unreviewed
CVE-2025-12997 was published Dec 4, 2025
open-webui is Vulnerable to Incorrect Access Control Low
CVE-2025-63681 was published for open-webui (pip) Dec 4, 2025
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing Low
CVE-2025-66479 was published for @anthropic-ai/sandbox-runtime (npm) Dec 4, 2025
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the... Low Unreviewed
CVE-2025-14007 was published Dec 4, 2025
alexusmai laravel-file-manager is vulnerable to Directory Traversal Low
CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20388 was published Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20385 was published Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20382 was published Dec 3, 2025
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local... Low Unreviewed
CVE-2025-13751 was published Dec 3, 2025
Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function Low
CVE-2025-66453 was published for org.mozilla:rhino (Maven) Dec 3, 2025
TechPizzaDev
Credited to TechPizzaDev
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a... Low Unreviewed
CVE-2025-12954 was published Dec 3, 2025
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local... Low Unreviewed
CVE-2025-13640 was published Dec 2, 2025
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9799 was published Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Low Unreviewed
CVE-2025-59696 was published Dec 2, 2025
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation Low
CVE-2025-65858 was published for calibreweb (pip) Dec 2, 2025
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13871 was published Dec 2, 2025
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7... Low Unreviewed
CVE-2025-13872 was published Dec 2, 2025
In display, there is a possible out of bounds write due to a missing bounds check. This could... Low Unreviewed
CVE-2025-20769 was published Dec 2, 2025
Keycloak unable to restrict access to the admin console Low
CVE-2025-10939 was published for org.keycloak:keycloak-quarkus-server (Maven) Dec 2, 2025
maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe Low
GHSA-mj73-j457-8x9q was published for maxminddb (Rust) Dec 2, 2025
rtvm-interpreter lacks sufficient checks in public API Low
GHSA-pq5v-rwp8-p7gm was published for rtvm-interpreter (Rust) Dec 2, 2025
Better Auth affected by external request basePath modification DoS Low
GHSA-569q-mpph-wgww was published for better-auth (npm) Dec 1, 2025
goksan
Credited to goksan
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database