Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Parse Server's MFA recovery codes not consumed after use High
CVE-2026-31875 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device... High Unreviewed
CVE-2025-69415 was published Jan 2, 2026
When passing through PCI devices, the detach logic in libxl won't remove access permissions to... High Unreviewed
CVE-2025-58149 was published Oct 31, 2025
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are... High Unreviewed
CVE-2025-55669 was published Oct 15, 2025
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure... High Unreviewed
CVE-2025-39698 was published Sep 5, 2025
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of... High Unreviewed
CVE-2025-6031 was published Jun 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31253 was published May 13, 2025
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a... High Unreviewed
CVE-2024-57929 was published Jan 19, 2025
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7... High Unreviewed
CVE-2024-47571 was published Jan 14, 2025
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 Credited to prdp1137, livio-a, and fforootd livio-a livio-a
fforootd fforootd
ZITADEL's Service Users Deactivation not Working High
CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a Credited to livio-a and fforootd fforootd fforootd
ZITADEL's User Grant Deactivation not Working High
CVE-2024-46999 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a Credited to livio-a and fforootd fforootd fforootd
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause... High Unreviewed
CVE-2024-39792 was published Aug 14, 2024
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun Credited to rofoun and radekvit radekvit radekvit
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid... High Unreviewed
CVE-2021-47069 was published Mar 2, 2024
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022)... High Unreviewed
CVE-2023-34326 was published Jan 5, 2024
By using XSL Transforms, a malicious webserver could have served a user an XSL document that... High Unreviewed
CVE-2022-22755 was published Dec 22, 2022
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended... High Unreviewed
CVE-2022-30256 was published Nov 19, 2022
A flaw was found in OpenStack. The application credential tokens can be used even after they have... High Unreviewed
CVE-2022-2447 was published Sep 2, 2022
When Responsive Design Mode was enabled, it used references to objects that were previously freed... High Unreviewed
CVE-2021-23995 was published May 24, 2022
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack... High Unreviewed
CVE-2020-13530 was published May 24, 2022
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege... High Unreviewed
CVE-2020-25221 was published May 24, 2022
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated... High Unreviewed
CVE-2020-24030 was published May 24, 2022
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to... High Unreviewed
CVE-2019-15691 was published May 24, 2022
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the... High Unreviewed
CVE-2017-14895 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database