Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11,618 advisories

Loading
mdast-util-to-hast has unsanitized class attribute Moderate
CVE-2025-66400 was published for mdast-util-to-hast (npm) Dec 2, 2025
Improper input validation in the BitstreamWriter::write_bits() function of Tempus Ex hello-video... Moderate Unreviewed
CVE-2025-63095 was published Dec 1, 2025
A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware... High Unreviewed
CVE-2025-26858 was published Dec 1, 2025
NutzBoot vulnerable to deserialization Low
CVE-2025-13805 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on... Moderate Unreviewed
CVE-2025-13762 was published Nov 27, 2025
A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the... High Unreviewed
CVE-2025-0658 was published Nov 27, 2025
Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica... Critical Unreviewed
CVE-2025-66259 was published Nov 26, 2025
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by... High Unreviewed
CVE-2025-0248 was published Nov 25, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause... Moderate Unreviewed
CVE-2025-33191 was published Nov 25, 2025
A Looker user with a Developer role could create a database connection using IBM DB2 driver and,... High Unreviewed
CVE-2025-12740 was published Nov 24, 2025
A Looker user with Developer role could create a database connection using Denodo driver and, by... High Unreviewed
CVE-2025-12741 was published Nov 24, 2025
With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is... Low Unreviewed
CVE-2025-12889 was published Nov 22, 2025
Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple... Moderate Unreviewed
CVE-2025-11936 was published Nov 22, 2025
Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in... Low Unreviewed
CVE-2025-11934 was published Nov 22, 2025
Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on... Low Unreviewed
CVE-2025-11933 was published Nov 22, 2025
vLLM deserialization vulnerability leading to DoS and potential RCE High
CVE-2025-62164 was published for vllm (pip) Nov 20, 2025
omriaxion russellb
DarkLight1337 Isotr0py ywang96
Credited to omriaxion, russellb, DarkLight1337, Isotr0py, and ywang96
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which... High Unreviewed
CVE-2025-11676 was published Nov 20, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12842 was published Nov 19, 2025
CWE-20 Improper Input Validation Moderate Unreviewed
CVE-2025-55058 was published Nov 17, 2025
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager,... High Unreviewed
CVE-2025-13319 was published Nov 17, 2025
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no... Critical Unreviewed
CVE-2025-10460 was published Nov 17, 2025
Directus is Vulnerable to Stored Cross-site Scripting Moderate
CVE-2025-64747 was published for directus (npm) Nov 14, 2025
Cl0wnK1n9
Credited to Cl0wnK1n9
Improper neutralization of special elements used in a command ('command injection') in Visual... High Unreviewed
CVE-2025-62222 was published Nov 11, 2025
Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2... Moderate Unreviewed
CVE-2025-31948 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database