GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,985 advisories
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. This affects an unknown function...
Low
Unreviewed
CVE-2025-11640
was published
Oct 12, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an...
Low
Unreviewed
CVE-2025-2139
was published
Oct 12, 2025
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown...
Low
Unreviewed
CVE-2025-11634
was published
Oct 12, 2025
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an...
Low
Unreviewed
CVE-2025-2138
was published
Oct 12, 2025
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious...
Low
Unreviewed
CVE-2025-52614
was published
Oct 12, 2025
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to...
Low
Unreviewed
CVE-2025-52615
was published
Oct 12, 2025
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes...
Low
Unreviewed
CVE-2025-31998
was published
Oct 12, 2025
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery ...
Low
Unreviewed
CVE-2025-31993
was published
Oct 12, 2025
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request...
Low
Unreviewed
CVE-2025-8606
was published
Oct 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this...
Low
Unreviewed
CVE-2025-58290
was published
Oct 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this...
Low
Unreviewed
CVE-2025-58291
was published
Oct 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this...
Low
Unreviewed
CVE-2025-58292
was published
Oct 11, 2025
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this...
Low
Unreviewed
CVE-2025-58286
was published
Oct 11, 2025
Permission control vulnerability in the camera module. Successful exploitation of this...
Low
Unreviewed
CVE-2025-58282
was published
Oct 11, 2025
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the...
Low
Unreviewed
CVE-2025-2864
was published
Mar 28, 2025
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources...
Low
Unreviewed
CVE-2025-2865
was published
Mar 28, 2025
HCL MyXalytics 6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability
Low
Unreviewed
CVE-2025-52658
was published
Oct 3, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Low
Unreviewed
CVE-2025-55188
was published
Aug 8, 2025
A Trusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION...
Low
Unreviewed
CVE-2025-52635
was published
Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue...
Low
Unreviewed
CVE-2025-52634
was published
Oct 10, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue...
Low
Unreviewed
CVE-2025-52630
was published
Oct 10, 2025
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. ...
Low
Unreviewed
CVE-2025-52625
was published
Oct 10, 2025
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6...
Low
Unreviewed
CVE-2025-52655
was published
Oct 10, 2025
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows...
Low
Unreviewed
CVE-2025-21046
was published
Oct 10, 2025
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability...
Low
Unreviewed
CVE-2025-40632
was published
May 16, 2025
ProTip! Advisories are also available from the GraphQL API