GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Filter by severity
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's...
Critical
Unreviewed
CVE-2026-48700
was published
May 26, 2026
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the...
Moderate
Unreviewed
CVE-2026-5251
was published
Apr 1, 2026
A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the...
Moderate
Unreviewed
CVE-2026-5248
was published
Apr 1, 2026
A vulnerability was determined in SamuNatsu HaloBot up to...
Moderate
Unreviewed
CVE-2025-14695
was published
Dec 15, 2025
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to...
High
Unreviewed
CVE-2025-13659
was published
Dec 9, 2025
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api...
High
Unreviewed
CVE-2025-13426
was published
Dec 6, 2025
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown...
Moderate
Unreviewed
CVE-2025-14085
was published
Dec 5, 2025
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById...
Moderate
Unreviewed
CVE-2025-14051
was published
Dec 5, 2025
Improper control of dynamically-managed code resources vulnerability in WebAPI component in...
Moderate
Unreviewed
CVE-2024-5401
was published
Dec 4, 2025
Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring...
Moderate
Unreviewed
CVE-2025-26405
was published
Nov 11, 2025
An unauthenticated remote attacker can alter the device configuration in a way to get remote code...
Critical
Unreviewed
CVE-2025-25270
was published
Jul 8, 2025
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic...
Low
Unreviewed
CVE-2025-6107
was published
Jun 16, 2025
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to...
Low
Unreviewed
CVE-2025-46675
was published
Apr 27, 2025
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use,...
Moderate
Unreviewed
CVE-2025-46673
was published
Apr 27, 2025
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values...
Moderate
Unreviewed
CVE-2012-2055
was published
May 17, 2022
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by...
High
Unreviewed
CVE-2022-31764
was published
Feb 6, 2025
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a...
High
Unreviewed
CVE-2024-7297
was published
Jul 30, 2024
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the...
Moderate
Unreviewed
CVE-2023-39983
was published
Sep 2, 2023
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on...
Moderate
Unreviewed
CVE-2024-2537
was published
Mar 15, 2024
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross...
Moderate
Unreviewed
CVE-2023-6184
was published
Jan 18, 2024
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable...
High
Unreviewed
CVE-2023-31032
was published
Jan 12, 2024
An information disclosure vulnerability exists when the Windows GDI component improperly...
Moderate
Unreviewed
CVE-2020-1097
was published
May 24, 2022
An information disclosure vulnerability exists when the Windows GDI component improperly...
Moderate
Unreviewed
CVE-2020-1091
was published
May 24, 2022
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically...
Critical
Unreviewed
CVE-2023-43177
was published
Nov 18, 2023
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they...
High
Unreviewed
CVE-2022-25265
was published
Feb 17, 2022
ProTip!
Advisories are also available from the
GraphQL API