GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 39; GitHub Actions 38; Go 2,717; Maven 5,000+; npm 4,328; NuGet 761; pip 4,105; Pub 12; RubyGems 958; Rust 1,065; Swift 45
Unreviewed advisories: All unreviewed 5,000+
114,990 advisories
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker...
High | Unreviewed | CVE-2025-11838 was published Dec 5, 2025
A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate...
High | Unreviewed | CVE-2025-1547 was published Dec 5, 2025
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated...
High | Unreviewed | CVE-2025-1545 was published Dec 5, 2025
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure...
High | Unreviewed | CVE-2025-13932 was published Dec 5, 2025
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive...
High | Unreviewed | CVE-2024-8176 was published Mar 14, 2025
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24...
High | Unreviewed | CVE-2023-26226 was published May 30, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High | CVE-2025-30165 was published for vllm (pip) May 6, 2025
auth0/node-jws Improperly Verifies HMAC Signature
High | CVE-2025-65945 was published for jws (npm) Dec 4, 2025
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
High | CVE-2025-65958 was published for open-webui (pip) Dec 4, 2025
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows...
High | Unreviewed | CVE-2025-32919 was published Oct 9, 2025
In the Linux kernel, the following vulnerability has been resolved: mtd: core: add missing...
High | Unreviewed | CVE-2022-50283 was published Sep 15, 2025
In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out...
High | Unreviewed | CVE-2023-53238 was published Sep 15, 2025
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...
High | Unreviewed | CVE-2025-13639 was published Dec 2, 2025
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and...
High | Unreviewed | CVE-2025-39664 was published Oct 9, 2025
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows...
High | Unreviewed | CVE-2025-66555 was published Dec 4, 2025
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the...
High | Unreviewed | CVE-2025-66576 was published Dec 4, 2025
VeeVPN 1.6.1 contains an unquoted service path vulnerability in the VeePNService that allows...
High | Unreviewed | CVE-2025-66575 was published Dec 4, 2025
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing...
High | Unreviewed | CVE-2023-53734 was published Dec 4, 2025
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's...
High | Unreviewed | CVE-2024-58277 was published Dec 4, 2025
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect...
High | Unreviewed | CVE-2025-13543 was published Dec 4, 2025
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state...
High | Unreviewed | CVE-2025-27935 was published Dec 4, 2025
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could...
High | Unreviewed | CVE-2025-66237 was published Dec 4, 2025
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local...
High | Unreviewed | CVE-2024-58278 was published Dec 4, 2025
There is a relative path traversal vulnerability in the NI System Web Server that may result in...
High | Unreviewed | CVE-2025-12097 was published Dec 4, 2025
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force...
High | Unreviewed | CVE-2025-12995 was published Dec 4, 2025
ProTip! Advisories are also available from the GraphQL API