Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

398 advisories

Loading
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS... Low Unreviewed
CVE-2025-12945 was published Dec 9, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in... Low Unreviewed
CVE-2025-11934 was published Nov 22, 2025
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is... Low Unreviewed
CVE-2025-12889 was published Nov 22, 2025
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on... Low Unreviewed
CVE-2025-11933 was published Nov 22, 2025
Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS... Low Unreviewed
CVE-2025-25216 was published Nov 11, 2025
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in... Low Unreviewed
CVE-2025-43365 was published Nov 4, 2025
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to... Low Unreviewed
CVE-2025-31995 was published Oct 13, 2025
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
ml-logger deserialization vulnerability Low
CVE-2025-10950 was published for ml-logger (pip) Sep 25, 2025
A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of... Low Unreviewed
CVE-2025-10252 was published Sep 11, 2025
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a... Low Unreviewed
CVE-2025-8662 was published Sep 3, 2025
Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an... Low Unreviewed
CVE-2025-32004 was published Aug 12, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Low Unreviewed
CVE-2025-25212 was published Aug 11, 2025
A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This... Low Unreviewed
CVE-2025-8708 was published Aug 8, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a... Low Unreviewed
CVE-2025-5992 was published Jul 11, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This... Low Unreviewed
CVE-2025-7060 was published Jul 4, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2025-47096 was published Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. Low Unreviewed
CVE-2025-27242 was published Jun 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database