Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,954
Maven
5,000+
npm
4,606
NuGet
787
pip
4,305
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device... High Unreviewed
CVE-2025-69415 was published Jan 2, 2026
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure... High Unreviewed
CVE-2025-39698 was published Sep 5, 2025
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of... Low Unreviewed
CVE-2025-64686 was published Nov 10, 2025
When passing through PCI devices, the detach logic in libxl won't remove access permissions to... High Unreviewed
CVE-2025-58149 was published Oct 31, 2025
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022)... High Unreviewed
CVE-2023-34326 was published Jan 5, 2024
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible... Moderate Unreviewed
CVE-2024-49955 was published Oct 21, 2024
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. Moderate Unreviewed
CVE-2021-42778 was published Apr 19, 2022
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31253 was published May 13, 2025
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a... High Unreviewed
CVE-2024-57929 was published Jan 19, 2025
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are... High Unreviewed
CVE-2025-55669 was published Oct 15, 2025
ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated... High Unreviewed
CVE-2020-24030 was published May 24, 2022
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
UAF vulnerability in the device node access module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-56434 was published Jan 8, 2025
MongoDB Server may allow upsert operations retried within a transaction to violate unique index... Moderate Unreviewed
CVE-2025-10060 was published Sep 5, 2025
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety Low
GHSA-655h-hg88-5qmf was published for xcb (Rust) Aug 22, 2025
Wasmtime CLI is vulnerable to host panic through its fd_renumber function Low
CVE-2025-53901 was published for wasmtime (Rust) Jul 18, 2025
hatoo rvolosatovs
Credited to hatoo and rvolosatovs
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock... Moderate Unreviewed
CVE-2021-47294 was published May 21, 2024
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of... High Unreviewed
CVE-2025-6031 was published Jun 12, 2025
Suspended Directus user can continue to use session token to access API Low
CVE-2025-30351 was published for @directus/api (npm) Mar 26, 2025
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended... High Unreviewed
CVE-2022-30256 was published Nov 19, 2022
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed
CVE-2025-2517 was published Apr 21, 2025
By using XSL Transforms, a malicious webserver could have served a user an XSL document that... High Unreviewed
CVE-2022-22755 was published Dec 22, 2022
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7... High Unreviewed
CVE-2024-47571 was published Jan 14, 2025
Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow... Moderate Unreviewed
CVE-2022-27499 was published Nov 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database