GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
125,465 advisories
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to...
High
Unreviewed
CVE-2025-34417
was published
Dec 10, 2025
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to...
High
Unreviewed
CVE-2025-34419
was published
Dec 10, 2025
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to...
High
Unreviewed
CVE-2025-34418
was published
Dec 10, 2025
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to...
High
Unreviewed
CVE-2025-34420
was published
Dec 10, 2025
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1,...
High
Unreviewed
CVE-2025-34395
was published
Dec 10, 2025
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to...
High
Unreviewed
CVE-2025-34416
was published
Dec 10, 2025
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
High
CVE-2025-34410
was published
for
github.com/1Panel-dev/1Panel
(Go)
Dec 10, 2025
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only)
High
CVE-2025-66628
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Dec 10, 2025
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
High
CVE-2025-66474
was published
for
org.xwiki.rendering:xwiki-rendering-xml
(Maven)
Dec 10, 2025
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
High
CVE-2025-66473
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Dec 10, 2025
An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a...
High
Unreviewed
CVE-2025-13155
was published
Dec 10, 2025
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal...
High
Unreviewed
CVE-2025-13152
was published
Dec 10, 2025
Gogs vulnerable to a bypass of CVE-2024-55947
High
CVE-2025-8110
was published
for
gogs.io/gogs
(Go)
Dec 10, 2025
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser...
High
Unreviewed
CVE-2025-12046
was published
Dec 10, 2025
Due to improper BLE security configurations on the device's GATT server, an adjacent...
High
Unreviewed
CVE-2024-2104
was published
Dec 10, 2025
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low...
High
Unreviewed
CVE-2025-7073
was published
Dec 10, 2025
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <=...
High
Unreviewed
CVE-2025-14390
was published
Dec 10, 2025
Apache Struts has a Denial of Service vulnerability
High
CVE-2025-66675
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 10, 2025
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12...
High
Unreviewed
CVE-2025-41358
was published
Dec 10, 2025
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account()...
High
Unreviewed
CVE-2025-41730
was published
Dec 10, 2025
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie()...
High
Unreviewed
CVE-2025-41732
was published
Dec 10, 2025
Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and...
High
Unreviewed
CVE-2025-1161
was published
Dec 10, 2025
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with...
High
Unreviewed
CVE-2025-9571
was published
Dec 10, 2025
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent...
High
Unreviewed
CVE-2025-12952
was published
Dec 10, 2025
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all...
High
Unreviewed
CVE-2025-13339
was published
Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API.