GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,961 advisories
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is...
High | Unreviewed | CVE-2025-12139 was published Nov 5, 2025

KubeVirt Vulnerable to Arbitrary Host File Read and Write
High | CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) Nov 7, 2025

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the...
High | Unreviewed | CVE-2025-11697 was published Nov 11, 2025

An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1...
High | Unreviewed | CVE-2025-54345 was published Nov 14, 2025

Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store...
High | Unreviewed | CVE-2025-63891 was published Nov 14, 2025

The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP1000, STAR300, STAR2000,...
High | Unreviewed | CVE-2025-63209 was published Nov 19, 2025

An issue was discovered in bridgetech probes VB220 IP Network Probe, VB120 Embedded IP + RF Probe,...
High | Unreviewed | CVE-2025-63205 was published Nov 19, 2025

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference...
High | Unreviewed | CVE-2025-13526 was published Nov 22, 2025

An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing...
High | Unreviewed | CVE-2025-65278 was published Nov 26, 2025

libcrux incorrectly calculates on aarch64
High | GHSA-2cgv-28vr-rv6j was published for libcrux-intrinsics (Rust) Dec 4, 2025

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be...
High | Unreviewed | CVE-2025-10285 was published Dec 5, 2025

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High | CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025

XiangShan Nanhu V2 and XiangShan Kunminghu V3 were discovered to use speculative execution and...
High | Unreviewed | CVE-2025-63094 was published Dec 10, 2025

This issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15...
High | Unreviewed | CVE-2025-43542 was published Dec 12, 2025

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8...
High | Unreviewed | CVE-2025-14553 was published Dec 16, 2025

Storybook manager bundle may expose environment variables during build
High | CVE-2025-68429 was published for storybook (npm) Dec 18, 2025

Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows...
High | Unreviewed | CVE-2025-63662 was published Dec 22, 2025

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability...
High | Unreviewed | CVE-2025-12491 was published Dec 24, 2025

Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data,...
High | Unreviewed | CVE-2025-15065 was published Dec 29, 2025

DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
High | Unreviewed | CVE-2025-15103 was published Dec 30, 2025

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800...
High | Unreviewed | CVE-2025-20336 was published Jan 5, 2026

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2025-13371 was published Jan 7, 2026

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
High | GHSA-96qw-h329-v5rg was published for shakapacker (RubyGems) Jan 8, 2026

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any...
High | Unreviewed | CVE-2025-68719 was published Jan 8, 2026

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain...
High | Unreviewed | CVE-2025-37165 was published Jan 13, 2026