Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

342 advisories

Loading
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass... Moderate Unreviewed
CVE-2025-29864 was published Dec 3, 2025
The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass... Moderate Unreviewed
CVE-2025-11260 was published Nov 13, 2025
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an... Moderate Unreviewed
CVE-2025-62453 was published Nov 11, 2025
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may... High Unreviewed
CVE-2025-35968 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed
CVE-2025-24848 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may... Moderate Unreviewed
CVE-2025-26402 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed
CVE-2025-24834 was published Nov 11, 2025
Collision in MiniFilter driver in Avast Software Avast Free Antivirus  before 25.9  on Windows... Moderate Unreviewed
CVE-2025-10905 was published Nov 11, 2025
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12906 was published Nov 8, 2025
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12909 was published Nov 8, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker... Moderate Unreviewed
CVE-2025-60711 was published Oct 31, 2025
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Moderate Unreviewed
CVE-2025-12554 was published Oct 31, 2025
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for... Moderate Unreviewed
CVE-2025-12094 was published Oct 31, 2025
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to... Low Unreviewed
CVE-2025-52615 was published Oct 12, 2025
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists... High Unreviewed
CVE-2025-55886 was published Sep 22, 2025
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
GHSA-hf6h-9wq7-hmjg was published for picklescan (pip) Sep 17, 2025 withdrawn
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote... High Unreviewed
CVE-2025-37124 was published Sep 17, 2025
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird... High Unreviewed
CVE-2025-10528 was published Sep 16, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15... High Unreviewed
CVE-2025-43330 was published Sep 16, 2025
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
CVE-2025-10157 was published for picklescan (pip) Sep 10, 2025
davcohen
Credited to davcohen
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a... Moderate Unreviewed
CVE-2025-54917 was published Sep 9, 2025
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control... Critical Unreviewed
CVE-2025-59033 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database