GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
107 advisories
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists...
High | Unreviewed | CVE-2025-55886 was published Sep 22, 2025

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may...
High | Unreviewed | CVE-2025-35968 was published Nov 11, 2025

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied...
High | Unreviewed | CVE-2024-31142 was published May 16, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1,...
High | Unreviewed | CVE-2024-44122 was published Oct 28, 2024

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird...
High | Unreviewed | CVE-2025-10528 was published Sep 16, 2025

XSLT document loading did not correctly propagate the source document which bypassed its CSP....
High | Unreviewed | CVE-2025-8032 was published Jul 22, 2025

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6,...
High | Unreviewed | CVE-2025-31224 was published May 13, 2025

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15...
High | Unreviewed | CVE-2025-43330 was published Sep 16, 2025

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-31244 was published May 13, 2025

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can...
High | Unreviewed | CVE-2022-39957 was published Sep 21, 2022

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7...
High | Unreviewed | CVE-2013-2465 was published May 14, 2022

Internet Shortcut Files Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2024-21412 was published Feb 13, 2024

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass...
High | Unreviewed | CVE-2025-0411 was published Jan 25, 2025

Microsoft Publisher Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2024-38226 was published Sep 10, 2024

SmartScreen Prompt Security Feature Bypass Vulnerability
High | Unreviewed | CVE-2024-29988 was published Apr 9, 2024

Access control vulnerability in the identity authentication module
Impact: Successful...
High | Unreviewed | CVE-2024-56439 was published Jan 8, 2025

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote...
High | Unreviewed | CVE-2025-37124 was published Sep 17, 2025

In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM...
High | Unreviewed | CVE-2025-48522 was published Sep 4, 2025

In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning...
High | Unreviewed | CVE-2025-32331 was published Sep 4, 2025

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the...
High | Unreviewed | CVE-2025-26444 was published Sep 5, 2025

In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch...
High | Unreviewed | CVE-2025-48546 was published Sep 4, 2025

In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in...
High | Unreviewed | CVE-2025-0089 was published Sep 4, 2025

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without...
High | Unreviewed | CVE-2025-26443 was published Sep 5, 2025

In executeAppFunction of AppSearchManagerService.java, there is a possible background activity...
High | Unreviewed | CVE-2025-26464 was published Sep 4, 2025

In multiple functions of LocationProviderManager.java, there is a possible background activity...
High | Unreviewed | CVE-2025-26458 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API.