GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
158,248 advisories
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... (Moderate, Unreviewed): CVE-2025-47600 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... (Moderate, Unreviewed): CVE-2025-49045 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... (Moderate, Unreviewed): CVE-2025-62077 was published Jan 22, 2026
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a... (Moderate, Unreviewed): CVE-2025-32057 was published Jan 22, 2026
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818)... (Moderate, Unreviewed): CVE-2025-69612 was published Jan 22, 2026
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation... (Moderate, Unreviewed): CVE-2025-32056 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... (Moderate, Unreviewed): CVE-2025-27005 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... (Moderate, Unreviewed): CVE-2025-32123 was published Jan 22, 2026
Beam Exposes sensitive information via joinCleanPath function (Moderate): CVE-2025-69820 was published for github.com/beam-cloud/beta9 (Go) Jan 22, 2026
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability... (Moderate, Unreviewed): CVE-2026-1326 was published Jan 22, 2026
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue... (Moderate, Unreviewed): CVE-2026-1327 was published Jan 22, 2026
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent,... (Moderate, Unreviewed): CVE-2025-15523 was published Jan 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18... (Moderate, Unreviewed): CVE-2026-1102 was published Jan 22, 2026
A security flaw has been discovered in Sangfor Operation and Maintenance Security Management... (Moderate, Unreviewed): CVE-2026-1325 was published Jan 22, 2026
MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing... (Moderate, Unreviewed): CVE-2026-1332 was published Jan 22, 2026
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a... (Moderate, Unreviewed): CVE-2025-67683 was published Jan 22, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... (Moderate, Unreviewed): CVE-2025-4763 was published Jan 22, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18... (Moderate, Unreviewed): CVE-2025-13335 was published Jan 22, 2026
Discord through 2026-01-16 allows gathering information about whether a user's client state is... (Moderate, Unreviewed): CVE-2026-24332 was published Jan 22, 2026
pytest has vulnerable tmpdir handling (Moderate): CVE-2025-71176 was published for pytest (pip) Jan 22, 2026
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an... (Moderate, Unreviewed): CVE-2025-27379 was published Jan 22, 2026
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud... (Moderate, Unreviewed): CVE-2025-27377 was published Jan 22, 2026
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to... (Moderate, Unreviewed): CVE-2026-1036 was published Jan 22, 2026
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions (Moderate): CVE-2025-13465 was published for lodash (npm) Jan 21, 2026
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass (Moderate): CVE-2026-24047 was published for @backstage/cli-common (npm) Jan 21, 2026