GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
105 advisories
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few...
Moderate | Unreviewed | CVE-2026-2003 was published Feb 12, 2026

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator...
High | Unreviewed | CVE-2026-2004 was published Feb 12, 2026

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE)...
High | Unreviewed | CVE-2026-20119 was published Feb 4, 2026

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to...
Critical | Unreviewed | CVE-2026-24307 was published Jan 23, 2026

Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in
Moderate | CVE-2025-12689 was published for github.com/mattermost/mattermost-plugin-calls (Go) Dec 17, 2025

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low | CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025

An unauthorised attacker within bluetooth range may use an improper validation during the BLE...
Moderate | Unreviewed | CVE-2024-2105 was published Dec 10, 2025

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could...
Moderate | Unreviewed | CVE-2025-32901 was published Dec 5, 2025

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial...
Moderate | Unreviewed | CVE-2025-20756 was published Dec 2, 2025

Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API
Moderate | CVE-2025-60633 was published for github.com/free5gc/openapi (Go) Nov 24, 2025

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs...
Critical | Unreviewed | CVE-2025-12977 was published Nov 24, 2025

An unauthenticated remote attacker can send a specially crafted Modbus read command to the device...
High | Unreviewed | CVE-2025-41729 was published Nov 24, 2025

The VAPIX API port.cgi did not have sufficient input validation, which may result in process...
Moderate | Unreviewed | CVE-2025-9524 was published Nov 11, 2025

ACAP applications can gain elevated privileges due to improper input validation, potentially...
Moderate | Unreviewed | CVE-2025-6298 was published Nov 11, 2025

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary...
Moderate | Unreviewed | CVE-2025-4645 was published Nov 11, 2025

Improper validation of specified type of input in Windows Authentication Methods allows an...
High | Unreviewed | CVE-2025-59277 was published Oct 14, 2025

Improper validation of specified type of input in Windows Authentication Methods allows an...
High | Unreviewed | CVE-2025-59278 was published Oct 14, 2025

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an...
Moderate | Unreviewed | CVE-2025-59259 was published Oct 14, 2025

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an...
Moderate | Unreviewed | CVE-2025-59257 was published Oct 14, 2025

Improper validation of specified type of input in Microsoft Windows allows an authorized attacker...
High | Unreviewed | CVE-2025-55701 was published Oct 14, 2025

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an...
Moderate | Unreviewed | CVE-2025-58729 was published Oct 14, 2025

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This...
High | Unreviewed | CVE-2025-20711 was published Oct 14, 2025

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured...
Low | Unreviewed | CVE-2025-58084 was published Oct 13, 2025

Synapse's invalid device keys degrade federation functionality
Moderate | CVE-2025-61672 was published for matrix-synapse (pip) Oct 8, 2025

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker...
High | Unreviewed | CVE-2025-20327 was published Sep 24, 2025