Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,244 advisories

Loading
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message... Low Unreviewed
CVE-2025-24335 was published Jul 2, 2025
Cross-site request forgery vulnerability exists in Active! mail 6 BuildInfo: 6.60.06008562 and... Low Unreviewed
CVE-2025-52463 was published Jul 2, 2025
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the... Low Unreviewed
CVE-2025-32462 was published Jun 30, 2025
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS) Low
CVE-2025-45143 was published for string-math (npm) Jun 30, 2025
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce... Low Unreviewed
CVE-2025-40710 was published Jun 30, 2025
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption... Low Unreviewed
CVE-2015-20112 was published Jun 29, 2025
An integer underflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28902 was published Jun 28, 2025
An integer overflow in the image processing binary of the MIB3 infotainment unit allows an... Low Unreviewed
CVE-2023-28903 was published Jun 28, 2025
Taylor has race condition in /get-patch that allows purchase token replay Low
GHSA-vh5j-5fhq-9xwg was published for taylored (npm) Jun 27, 2025
snyff
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build... Low Unreviewed
CVE-2025-52992 was published Jun 27, 2025
The Nix, Lix, and Guix package managers default to using temporary build directories in a world... Low Unreviewed
CVE-2025-52991 was published Jun 27, 2025
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can... Low Unreviewed
CVE-2025-46416 was published Jun 27, 2025
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from... Low Unreviewed
CVE-2025-46415 was published Jun 27, 2025
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded... Low Unreviewed
CVE-2025-47823 was published Jun 27, 2025
A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on... Low Unreviewed
CVE-2025-6748 was published Jun 27, 2025
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. Low Unreviewed
CVE-2025-47820 was published Jun 27, 2025
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. Low Unreviewed
CVE-2025-47818 was published Jun 27, 2025
Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system. Low Unreviewed
CVE-2025-47821 was published Jun 27, 2025
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage... Low Unreviewed
CVE-2025-47824 was published Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components Low
CVE-2025-6736 was published for juzaweb/cms (Composer) Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component Low
CVE-2025-6735 was published for juzaweb/cms (Composer) Jun 27, 2025
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. Low Unreviewed
CVE-2015-0849 was published Jun 27, 2025
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an... Low Unreviewed
CVE-2025-3722 was published Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database