GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,746
Maven: 5,000+
npm: 4,350
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
305,429 advisories
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up High
GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
Apache HugeGraph-Server: RAFT and deserialization vulnerability High
CVE-2025-26866 was published for org.apache.hugegraph:hg-pd-core (Maven) Dec 12, 2025
pgadmin4 has a Meta-Command Filter Command Execution Critical
CVE-2025-13780 was published for pgadmin4 (pip) Dec 11, 2025
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Vite Plugin React has a Denial of Service Vulnerability in React Server Components High
GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
FoF Pretty Mail has a server-side template injection vulnerability High
CVE-2024-58303 was published for fof/pretty-mail (Composer) Dec 12, 2025
Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice Low
CVE-2025-12918 was published for yungifez/skuul (Composer) Nov 9, 2025
Denial of Service Vulnerability in React Server Components High
CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
Servify-express rate limit issue High
CVE-2025-67731 was published for servify-express (npm) Dec 11, 2025
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells High
CVE-2025-67508 was published for github.com/gardener/gardenctl-v2 (Go) Dec 11, 2025
EverShop is vulnerable to Unauthorized Order Information Access (IDOR) Low
CVE-2025-12919 was published for @evershop/evershop (npm) Nov 9, 2025
Undertow MadeYouReset HTTP/2 DDoS Vulnerability High
CVE-2025-9784 was published for io.undertow:undertow-core (Maven) Sep 2, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined... Moderate Unreviewed
CVE-2022-50390 was published Sep 18, 2025
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix... Moderate Unreviewed
CVE-2022-50392 was published Sep 18, 2025
Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local... Low Unreviewed
CVE-2025-13751 was published Dec 3, 2025
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed... Low Unreviewed
CVE-2025-36755 was published Dec 12, 2025
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient... High Unreviewed
CVE-2025-58770 was published Dec 12, 2025
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in... High Unreviewed
CVE-2025-36745 was published Dec 12, 2025
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random... Unknown Unreviewed
CVE-2025-54981 was published Dec 12, 2025
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors,... High Unreviewed
CVE-2025-36743 was published Dec 12, 2025
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader... Low Unreviewed
CVE-2025-36744 was published Dec 12, 2025
SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an... Moderate Unreviewed
CVE-2025-36746 was published Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API