Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
47
Go
3,295
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,524
Pub
12
RubyGems
1,008
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does... Moderate Unreviewed
CVE-2026-25916 was published Feb 9, 2026
A local low privileged attacker can bypass the authentication of the Device Manager user... High Unreviewed
CVE-2025-41727 was published Jan 27, 2026
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially... High Unreviewed
CVE-2025-67303 was published Jan 5, 2026
BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin' that are not... High Unreviewed
CVE-2025-62001 was published Dec 18, 2025
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration... Moderate Unreviewed
CVE-2025-66432 was published Nov 30, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An... Critical Unreviewed
CVE-2025-13315 was published Nov 19, 2025
An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control... High Unreviewed
CVE-2025-56558 was published Oct 29, 2025
Slack Nebula may accept arbitrary source IP addresses Moderate
CVE-2025-62820 was published for github.com/slackhq/nebula (Go) Oct 23, 2025
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below... High Unreviewed
CVE-2025-8557 was published Sep 11, 2025
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control... Critical Unreviewed
CVE-2025-59033 was published Sep 8, 2025
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in... High Unreviewed
CVE-2025-54351 was published Aug 3, 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used,... Critical Unreviewed
CVE-2025-54309 was published Jul 18, 2025
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in... Critical Unreviewed
CVE-2025-52921 was published Jun 23, 2025
ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing... Low Unreviewed
CVE-2025-52969 was published Jun 23, 2025
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which... Low Unreviewed
CVE-2025-52968 was published Jun 23, 2025
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local... High Unreviewed
CVE-2025-1095 was published Apr 8, 2025
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation... Moderate Unreviewed
CVE-2023-52718 was published Dec 28, 2024
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of... High Unreviewed
CVE-2023-7266 was published Dec 28, 2024
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability High
GHSA-85qf-6845-m8p2 was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
A vulnerability exists in Rockwell Automation affected products that allows a threat actor to... High Unreviewed
CVE-2024-6242 was published Aug 1, 2024
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature... Critical Unreviewed
CVE-2023-20198 was published Oct 16, 2023
NI MeasurementLink Python Services Improper Access Restriction vulnerability High
CVE-2023-4570 was published for ni-measurementlink-service (pip) Oct 5, 2023
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and... Critical Unreviewed
CVE-2023-31241 was published May 22, 2023
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system... Moderate Unreviewed
CVE-2023-0317 was published Apr 19, 2023
Docker Swarm encrypted overlay network may be unauthenticated High
CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere Credited to corhere, quadespresso, cpuguy83, tianon, neersighted, laurazard, and akerouanton quadespresso quadespresso
cpuguy83 cpuguy83 tianon tianon neersighted neersighted laurazard laurazard akerouanton akerouanton
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database