Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,055 advisories

Loading
Improper neutralization of special elements used in a command ('command injection') in Visual... High Unreviewed
CVE-2025-62222 was published Nov 11, 2025
Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring... High Unreviewed
CVE-2025-33000 was published Nov 11, 2025
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... High Unreviewed
CVE-2025-24299 was published Nov 11, 2025
Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80... High Unreviewed
CVE-2025-12907 was published Nov 8, 2025
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project... High Unreviewed
CVE-2025-63783 was published Nov 7, 2025
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle... High Unreviewed
CVE-2025-61084 was published Nov 5, 2025
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS... High Unreviewed
CVE-2025-43472 was published Nov 4, 2025
A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS... High Unreviewed
CVE-2025-43401 was published Nov 4, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that... High Unreviewed
CVE-2025-60938 was published Oct 24, 2025
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos... High Unreviewed
CVE-2025-26781 was published Oct 20, 2025
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform... High Unreviewed
CVE-2025-59248 was published Oct 14, 2025
JDBC Driver for SQL Server has improper input validation issue High
CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) Oct 14, 2025
Fidget-Grep andreasmh
Credited to Fidget-Grep and andreasmh
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate... High Unreviewed
CVE-2025-59207 was published Oct 14, 2025
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-59228 was published Oct 14, 2025
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-59187 was published Oct 14, 2025
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate... High Unreviewed
CVE-2025-58716 was published Oct 14, 2025
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate... High Unreviewed
CVE-2025-55692 was published Oct 14, 2025
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers... High Unreviewed
CVE-2025-9066 was published Oct 14, 2025
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All... High Unreviewed
CVE-2011-20001 was published Oct 14, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments High
CVE-2025-61920 was published for authlib (pip) Oct 10, 2025
AL-Cybision
Credited to AL-Cybision
Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter High
GHSA-26f6-wm47-7h7j was published for motioneye (pip) Oct 3, 2025 withdrawn
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the... High Unreviewed
CVE-2025-34226 was published Oct 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database