Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,890
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,217
NuGet
745
pip
3,994
Pub
12
RubyGems
950
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,965 advisories

Loading
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By... Low Unreviewed
CVE-2025-40631 was published May 16, 2025
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability... Low Unreviewed
CVE-2025-40632 was published May 16, 2025
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling... Low Unreviewed
CVE-2024-42193 was published Apr 15, 2025
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4... Low Unreviewed
CVE-2025-32916 was published Oct 9, 2025
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire... Low Unreviewed
CVE-2025-5009 was published Oct 8, 2025
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This... Low Unreviewed
CVE-2025-11489 was published Oct 8, 2025
Zabbix API user.get returns all users that share common group with the calling user. This... Low Unreviewed
CVE-2024-42325 was published Apr 2, 2025
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,... Low Unreviewed
CVE-2025-11195 was published Sep 30, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that... Low Unreviewed
CVE-2025-27238 was published Sep 12, 2025
Execution time for an unsuccessful login differs when using a non-existing username compared to... Low Unreviewed
CVE-2024-36469 was published Apr 2, 2025
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft... Low Unreviewed
CVE-2024-42332 was published Nov 27, 2024
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written... Low Unreviewed
CVE-2025-62187 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43910 was published Oct 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Low Unreviewed
CVE-2025-43909 was published Oct 7, 2025
Generation of Predictable Numbers or Identifiers vulnerability in B&R Industrial Automation... Low Unreviewed
CVE-2025-3449 was published Oct 7, 2025
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version... Low Unreviewed
CVE-2025-54087 was published Oct 2, 2025
In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to... Low Unreviewed
CVE-2024-41027 was published Jul 29, 2024
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain... Low Unreviewed
CVE-2025-61984 was published Oct 6, 2025
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an... Low Unreviewed
CVE-2024-7868 was published Aug 15, 2024
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in... Low Unreviewed
CVE-2025-2574 was published Mar 20, 2025
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct... Low Unreviewed
CVE-2025-59447 was published Oct 6, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to... Low Unreviewed
CVE-2025-61985 was published Oct 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database