GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,748
Maven: 5,000+
npm: 4,351
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
12,860 advisories
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows... Low Unreviewed
CVE-2023-29144 was published Dec 12, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice Low
CVE-2025-12918 was published for yungifez/skuul (Composer) Nov 9, 2025
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
EverShop is vulnerable to Unauthorized Order Information Access (IDOR) Low
CVE-2025-12919 was published for @evershop/evershop (npm) Nov 9, 2025
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local... Low Unreviewed
CVE-2025-13751 was published Dec 3, 2025
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed... Low Unreviewed
CVE-2025-36755 was published Dec 12, 2025
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader... Low Unreviewed
CVE-2025-36744 was published Dec 12, 2025
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all... Low Unreviewed
CVE-2025-10583 was published Dec 12, 2025
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2.... Low Unreviewed
CVE-2025-55307 was published Dec 11, 2025
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's... Low Unreviewed
CVE-2025-67740 was published Dec 11, 2025
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into... Low Unreviewed
CVE-2025-13912 was published Dec 11, 2025
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload Low Unreviewed
CVE-2025-67742 was published Dec 11, 2025
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local... Low Unreviewed
CVE-2025-67739 was published Dec 11, 2025
maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe Low
GHSA-mj73-j457-8x9q was published for maxminddb (Rust) Dec 2, 2025
Improper Validation of Query Parameters in Auth0 Next.js SDK Low
CVE-2025-67716 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18... Low Unreviewed
CVE-2025-12734 was published Dec 11, 2025
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the... Low Unreviewed
CVE-2025-14485 was published Dec 11, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18... Low Unreviewed
CVE-2025-13611 was published Nov 26, 2025
Envoy forwards early CONNECT data in TCP proxy mode Low
CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
Jenkins has a CSRF vulnerability on the login form Low
CVE-2025-67639 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool... Low Unreviewed
CVE-2025-5467 was published Dec 10, 2025
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions Low
CVE-2025-14082 was published for org.keycloak:keycloak-services (Maven) Dec 10, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2025-13127 was published Dec 10, 2025
@tiptap/extension-link vulnerable to Cross-site Scripting (XSS) Low
CVE-2025-14284 was published for @tiptap/extension-link (npm) Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API