Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

592 advisories

Loading
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal High
CVE-2026-25992 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 28, 2026
EaEa0001 Credited to EaEa0001
pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip) Moderate
CVE-2026-23888 was published for pnpm (npm) Jan 26, 2026
mldangelo Credited to mldangelo and mgol mgol mgol
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path... High Unreviewed
CVE-2026-21280 was published Jan 13, 2026
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. High Unreviewed
CVE-2026-20943 was published Jan 13, 2026
An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local... High Unreviewed
CVE-2025-12793 was published Jan 6, 2026
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities... High Unreviewed
CVE-2019-25257 was published Dec 24, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... High Unreviewed
CVE-2025-64785 was published Dec 9, 2025
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.0 allows an... High Unreviewed
CVE-2025-12819 was published Dec 3, 2025
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to... Moderate Unreviewed
CVE-2025-49642 was published Dec 1, 2025
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege... High Unreviewed
CVE-2024-21922 was published Nov 23, 2025
Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege... High Unreviewed
CVE-2024-21923 was published Nov 23, 2025
A security flaw has been discovered in Muse Group MuseHub 2.1.0.1567. The affected element is an... High Unreviewed
CVE-2025-13433 was published Nov 20, 2025
Untrusted search path in Windows Administrator Protection allows an authorized attacker to... High Unreviewed
CVE-2025-60718 was published Nov 11, 2025
The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to... Moderate Unreviewed
CVE-2025-43079 was published Nov 10, 2025
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed... High Unreviewed
CVE-2024-14012 was published Oct 29, 2025
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file... High Unreviewed
CVE-2025-12286 was published Oct 27, 2025
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function... High Unreviewed
CVE-2025-12247 was published Oct 27, 2025
A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects... High Unreviewed
CVE-2025-11940 was published Oct 19, 2025
Unity Editor 2019.1 through 6000.3 could allow remote attackers to exploit file loading and Local... High Unreviewed
CVE-2025-59489 was published Oct 3, 2025
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2... High Unreviewed
CVE-2025-9267 was published Sep 26, 2025
A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an... High Unreviewed
CVE-2025-9016 was published Aug 15, 2025
A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this... High Unreviewed
CVE-2025-9000 was published Aug 15, 2025
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated... Moderate Unreviewed
CVE-2025-49456 was published Aug 13, 2025
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to... Critical Unreviewed
CVE-2025-49457 was published Aug 13, 2025
A maliciously crafted binary file, when present while loading files in certain Autodesk... High Unreviewed
CVE-2025-5039 was published Jul 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database