GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,698
Maven: 5,000+
npm: 4,325
NuGet: 761
pip: 4,099
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
133,273 advisories
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an...
Moderate
Unreviewed
CVE-2025-13086
was published
Dec 3, 2025
Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit...
Moderate
Unreviewed
CVE-2025-50361
was published
Dec 3, 2025
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard...
Moderate
Unreviewed
CVE-2025-61727
was published
Dec 3, 2025
Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258...
Moderate
Unreviewed
CVE-2025-13992
was published
Dec 3, 2025
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0...
Moderate
Unreviewed
CVE-2025-63401
was published
Dec 3, 2025
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to...
Moderate
Unreviewed
CVE-2025-63402
was published
Dec 3, 2025
When building nested elements using xml.dom.minidom methods such as appendChild() that have a...
Moderate
Unreviewed
CVE-2025-12084
was published
Dec 3, 2025
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper...
Moderate
Unreviewed
CVE-2025-62686
was published
Dec 3, 2025
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980,...
Moderate
Unreviewed
CVE-2025-53965
was published
Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58,...
Moderate
Unreviewed
CVE-2025-20383
was published
Dec 3, 2025
In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model...
Moderate
Unreviewed
CVE-2025-20381
was published
Dec 3, 2025
A local privilege escalation vulnerability exists in the InstallationHelper service included with...
Moderate
Unreviewed
CVE-2025-55076
was published
Dec 3, 2025
A potential security vulnerability has been identified in HP Image Assistant for versions prior...
Moderate
Unreviewed
CVE-2025-13492
was published
Dec 3, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform...
Moderate
Unreviewed
CVE-2025-20384
was published
Dec 3, 2025
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10,...
Moderate
Unreviewed
CVE-2025-20389
was published
Dec 3, 2025
A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY...
Moderate
Unreviewed
CVE-2025-57202
was published
Dec 3, 2025
A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function...
Moderate
Unreviewed
CVE-2025-13949
was published
Dec 3, 2025
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some...
Moderate
Unreviewed
CVE-2025-13948
was published
Dec 3, 2025
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an...
Moderate
Unreviewed
CVE-2025-57200
was published
Dec 3, 2025
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and...
Moderate
Unreviewed
CVE-2025-13756
was published
Dec 3, 2025
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is...
Moderate
Unreviewed
CVE-2025-13359
was published
Dec 3, 2025
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross...
Moderate
Unreviewed
CVE-2025-12358
was published
Dec 3, 2025
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-13109
was published
Dec 3, 2025
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to,...
Moderate
Unreviewed
CVE-2025-12887
was published
Dec 3, 2025
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is...
Moderate
Unreviewed
CVE-2025-13354
was published
Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.