GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
114,964 advisories
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the...
High | Unreviewed | CVE-2025-14108 was published Dec 6, 2025
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this...
High | Unreviewed | CVE-2025-14107 was published Dec 6, 2025
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api...
High | Unreviewed | CVE-2025-13426 was published Dec 6, 2025
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function...
High | Unreviewed | CVE-2025-14106 was published Dec 6, 2025
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High | CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in...
High | Unreviewed | CVE-2025-66644 was published Dec 5, 2025
Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction...
High | Unreviewed | CVE-2025-46603 was published Dec 5, 2025
yawkat LZ4 Java has a possible information leak in Java safe decompressor
High | CVE-2025-66566 was published for at.yawk.lz4:lz4-java (Maven) Dec 5, 2025
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data...
High | Unreviewed | CVE-2020-36880 was published Dec 5, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command...
High | Unreviewed | CVE-2020-36882 was published Dec 5, 2025
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory'...
High | Unreviewed | CVE-2020-36881 was published Dec 5, 2025
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2...
High | Unreviewed | CVE-2020-36876 was published Dec 5, 2025
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any...
High | Unreviewed | CVE-2020-36879 was published Dec 5, 2025
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability...
High | Unreviewed | CVE-2020-36878 was published Dec 5, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5,...
High | Unreviewed | CVE-2024-9183 was published Dec 5, 2025
zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In...
High | Unreviewed | CVE-2025-65897 was published Dec 5, 2025
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The...
High | Unreviewed | CVE-2025-65878 was published Dec 5, 2025
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability....
High | Unreviewed | CVE-2025-65879 was published Dec 5, 2025
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial...
High | Unreviewed | CVE-2025-64053 was published Dec 5, 2025
Sigstore Timestamp Authority allocates excessive memory during request parsing
High | CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025
Fulcio allocates excessive memory during token parsing
High | CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025
urllib3 streaming API improperly handles highly compressed data
High | CVE-2025-66471 was published for urllib3 (pip) Dec 5, 2025
urllib3 allows an unbounded number of links in the decompression chain
High | CVE-2025-66418 was published for urllib3 (pip) Dec 5, 2025
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on...
High | Unreviewed | CVE-2025-64057 was published Dec 5, 2025
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but...
High | Unreviewed | CVE-2025-58098 was published Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API