Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

180 advisories

Loading
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor... High Unreviewed
CVE-2025-34337 was published Nov 19, 2025
Rancher CLI SAML authentication is vulnerable to phishing attacks High
CVE-2024-58267 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) High
CVE-2025-59420 was published for authlib (pip) Sep 22, 2025
AL-Cybision
Credited to AL-Cybision
A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an... High Unreviewed
CVE-2025-9379 was published Aug 24, 2025
In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing... High Unreviewed
CVE-2025-6504 was published Jul 29, 2025
An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of... High Unreviewed
CVE-2025-30192 was published Jul 21, 2025
@clerk/backend Performs Insufficient Verification of Data Authenticity High
CVE-2025-53548 was published for @clerk/astro (npm) Jul 9, 2025
GautierT
Credited to GautierT
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162.... High Unreviewed
CVE-2025-7096 was published Jul 7, 2025
The executable file warning did not warn users before opening files with the `terminal` extension... High Unreviewed
CVE-2025-6426 was published Jun 26, 2025
The backup ZIPs are not signed by the application, leading to the possibility that an attacker... High Unreviewed
CVE-2025-49199 was published Jun 12, 2025
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized... High Unreviewed
CVE-2025-29842 was published May 13, 2025
React Router allows pre-render data spoofing on React-Router framework mode High
CVE-2025-43865 was published for react-router (npm) Apr 24, 2025
cold-try mhassan1
Credited to cold-try and mhassan1
Vela Server Has Insufficient Webhook Payload Data Verification High
CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025
Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4... High Unreviewed
CVE-2024-39805 was published Feb 13, 2025
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This... High Unreviewed
CVE-2025-1108 was published Feb 7, 2025
There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD... High Unreviewed
CVE-2024-10237 was published Feb 4, 2025
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts High
GHSA-r3r4-g7hq-pq4f was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
Credited to unknownfeature
Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege... High Unreviewed
CVE-2024-8356 was published Nov 23, 2024
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
Credited to RobertBoes
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to... High Unreviewed
CVE-2024-7847 was published Oct 14, 2024
Gradio lacks integrity checking on the downloaded FRP client High
CVE-2024-47867 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache... High Unreviewed
CVE-2023-28457 was published Sep 18, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7980 was published Aug 21, 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84... High Unreviewed
CVE-2024-7979 was published Aug 21, 2024
Windows Print Spooler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-38198 was published Aug 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database