Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,971 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue... Low Unreviewed
CVE-2025-52634 was published Oct 10, 2025
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  ... Low Unreviewed
CVE-2025-52625 was published Oct 10, 2025
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION... Low Unreviewed
CVE-2025-52635 was published Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue... Low Unreviewed
CVE-2025-52630 was published Oct 10, 2025
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6... Low Unreviewed
CVE-2025-52655 was published Oct 10, 2025
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows... Low Unreviewed
CVE-2025-21046 was published Oct 10, 2025
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4... Low Unreviewed
CVE-2025-32916 was published Oct 9, 2025
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire... Low Unreviewed
CVE-2025-5009 was published Oct 8, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This... Low Unreviewed
CVE-2025-11489 was published Oct 8, 2025
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43910 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43909 was published Oct 7, 2025
Generation of Predictable Numbers or Identifiers vulnerability in B&R Industrial Automation... Low Unreviewed
CVE-2025-3449 was published Oct 7, 2025
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to... Low Unreviewed
CVE-2025-61985 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain... Low Unreviewed
CVE-2025-61984 was published Oct 6, 2025
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct... Low Unreviewed
CVE-2025-59447 was published Oct 6, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
A user with the appropriate authorization can create any number of user accounts via an API ... Low Unreviewed
CVE-2025-58578 was published Oct 6, 2025
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace... Low Unreviewed
CVE-2025-58589 was published Oct 6, 2025
A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function... Low Unreviewed
CVE-2025-11281 was published Oct 5, 2025
HCL MyXalytics  6.6.  product is affected by Use of Vulnerable/Outdated Versions Vulnerability Low Unreviewed
CVE-2025-52658 was published Oct 3, 2025
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup... Low Unreviewed
CVE-2025-10306 was published Oct 3, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database