Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

114,925 advisories

Loading
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41... High Unreviewed
CVE-2025-13631 was published Dec 2, 2025
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker... High Unreviewed
CVE-2025-13638 was published Dec 2, 2025
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to... High Unreviewed
CVE-2025-13630 was published Dec 2, 2025
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote... High Unreviewed
CVE-2025-13633 was published Dec 2, 2025
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had... High Unreviewed
CVE-2025-13720 was published Dec 2, 2025
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially... High Unreviewed
CVE-2025-13721 was published Dec 2, 2025
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is... High Unreviewed
CVE-2025-34352 was published Dec 2, 2025
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote... High Unreviewed
CVE-2025-13639 was published Dec 2, 2025
GrapesJsBuilder File Upload allows all file uploads High
CVE-2025-13827 was published for mautic/grapes-js-builder-bundle (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the ... High Unreviewed
CVE-2025-65844 was published Dec 2, 2025
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
vLLM vulnerable to remote code execution via transformers_utils/get_config High
CVE-2025-66448 was published for vllm (pip) Dec 2, 2025
Vancir Isotr0py
DarkLight1337 russellb
Credited to Vancir, Isotr0py, DarkLight1337, and russellb
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default High
CVE-2025-66416 was published for mcp (pip) Dec 2, 2025
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default High
CVE-2025-66414 was published for @modelcontextprotocol/sdk (npm) Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... High Unreviewed
CVE-2025-59697 was published Dec 2, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... High Unreviewed
CVE-2025-59702 was published Dec 2, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER... High Unreviewed
CVE-2025-13295 was published Dec 2, 2025
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of... High Unreviewed
CVE-2025-12465 was published Dec 2, 2025
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an... High Unreviewed
CVE-2025-41013 was published Dec 2, 2025
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an... High Unreviewed
CVE-2025-41012 was published Dec 2, 2025
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile'... High Unreviewed
CVE-2025-11789 was published Dec 2, 2025
Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the ... High Unreviewed
CVE-2025-11788 was published Dec 2, 2025
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the ... High Unreviewed
CVE-2025-11785 was published Dec 2, 2025
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2... High Unreviewed
CVE-2025-11787 was published Dec 2, 2025
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the ... High Unreviewed
CVE-2025-11786 was published Dec 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database