Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,831
Erlang
36
GitHub Actions
33
Go
2,451
Maven
5,000+
npm
4,073
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,318 advisories

Loading
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0... Low Unreviewed
CVE-2025-2988 was published Aug 19, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/apps.js Low
CVE-2025-9096 was published for express-gateway (npm) Aug 18, 2025
ExpressGateway Cross-Site Scripting Vulnerability in lib/rest/routes/users.js Low
CVE-2025-9095 was published for express-gateway (npm) Aug 18, 2025
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability Low
CVE-2025-9092 was published for org.bouncycastle:bc-fips (Maven) Aug 16, 2025
Liferay Portal Login Bypass Vulnerability Low
CVE-2025-3639 was published for com.liferay.portal:release.portal.bom (Maven) Aug 18, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Low
CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) Aug 18, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction. Low Unreviewed
CVE-2025-55188 was published Aug 8, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request... Low Unreviewed
CVE-2025-54234 was published Aug 18, 2025
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing... Low Unreviewed
CVE-2024-49827 was published Aug 18, 2025
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is... Low Unreviewed
CVE-2025-9091 was published Aug 17, 2025
A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this... Low Unreviewed
CVE-2017-20199 was published Aug 16, 2025
Template Secret leakage in logs in Scaffolder when using `fetch:template` Low
CVE-2025-55285 was published for @backstage/plugin-scaffolder-backend (npm) Aug 15, 2025
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function... Low Unreviewed
CVE-2025-9019 was published Aug 15, 2025
A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function... Low Unreviewed
CVE-2025-9020 was published Aug 15, 2025
The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery... Low Unreviewed
CVE-2025-8013 was published Aug 15, 2025
HCL Connections contains a broken access control vulnerability that may allow unauthorized user... Low Unreviewed
CVE-2025-31961 was published Aug 15, 2025
sweetalert2 contains potentially undesirable behavior Low
GHSA-mrr8-v49w-3333 was published for sweetalert2 (npm) Jul 10, 2023
limonte
SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4... Low Unreviewed
CVE-2025-36613 was published Aug 14, 2025
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user... Low Unreviewed
CVE-2025-8713 was published Aug 14, 2025
Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory... Low Unreviewed
CVE-2025-36581 was published Aug 14, 2025
Moby firewalld reload removes bridge network isolation Low
CVE-2025-54410 was published for github.com/docker/docker (Go) Jul 29, 2025
Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor... Low Unreviewed
CVE-2025-5941 was published Aug 14, 2025
An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1... Low Unreviewed
CVE-2025-2498 was published Aug 13, 2025
HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit Low
GHSA-xcxh-6cv4-q8p8 was published for hfs (npm) Aug 12, 2025
ByteAfterlife
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet... Low Unreviewed
CVE-2025-24511 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database