Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users... Moderate Unreviewed
CVE-2025-62292 was published Oct 10, 2025
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to... Low Unreviewed
CVE-2025-56675 was published Sep 30, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside... Low Unreviewed
CVE-2025-59691 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the... Low Unreviewed
CVE-2025-59692 was published Sep 19, 2025
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for... Low Unreviewed
CVE-2025-59453 was published Sep 16, 2025
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to... Moderate Unreviewed
CVE-2025-59378 was published Sep 15, 2025
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps... High Unreviewed
CVE-2025-59363 was published Sep 14, 2025
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified... Critical Unreviewed
CVE-2025-34158 was published Aug 21, 2025
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the... Low Unreviewed
CVE-2025-54956 was published Aug 3, 2025
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts... Low Unreviewed
CVE-2025-54352 was published Jul 21, 2025
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL... Moderate Unreviewed
CVE-2025-54310 was published Jul 18, 2025
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that... High Unreviewed
CVE-2025-41645 was published May 13, 2025
@misskey-dev/summaly Redirect Filter Bypass Low
CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025
warriordog
Credited to warriordog
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan JarLob
Grub4K dirkf rhdesmond
Credited to pukkandan, JarLob, Grub4K, dirkf, and rhdesmond
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use... Moderate Unreviewed
CVE-2024-42158 was published Jul 30, 2024
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Credited to pukkandan, JarLob, and Grub4K
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
G-Rath
Credited to pquentin, illia-v, and G-Rath
Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
robmry akerouanton
neersighted gabriellavengeo cibofo
Credited to robmry, akerouanton, neersighted, gabriellavengeo, and cibofo
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44100 was published Oct 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44104 was published Oct 11, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... High Unreviewed
CVE-2023-31115 was published Jun 7, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... Critical Unreviewed
CVE-2023-31114 was published Jun 7, 2023
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in... Moderate Unreviewed
CVE-2023-22950 was published Apr 13, 2023
Elrond-GO processing: fallback search of SCRs when not found in the main cache High
CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go) Dec 30, 2022
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Critical Unreviewed
CVE-2022-4446 was published Dec 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database