Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,053 advisories

Loading
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic... Low Unreviewed
CVE-2025-6107 was published Jun 16, 2025
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to... Low Unreviewed
CVE-2025-21085 was published Jun 15, 2025
handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution Low
CVE-2025-49597 was published for handcraftedinthealps/goodby-csv (Composer) Jun 13, 2025
mcdruid
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is... Low Unreviewed
CVE-2025-6052 was published Jun 13, 2025
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less... Low Unreviewed
CVE-2025-48825 was published Jun 13, 2025
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion... Low Unreviewed
CVE-2024-38822 was published Jun 13, 2025
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. Low Unreviewed
CVE-2024-38823 was published Jun 13, 2025
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs... Low Unreviewed
CVE-2025-4227 was published Jun 13, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11... Low Unreviewed
CVE-2025-5982 was published Jun 12, 2025
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be... Low Unreviewed
CVE-2025-49198 was published Jun 12, 2025
An incorrect default permissions vulnerability was reported in the MotoSignature application that... Low Unreviewed
CVE-2025-1699 was published Jun 11, 2025
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could... Low Unreviewed
CVE-2025-1698 was published Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module.... Low Unreviewed
CVE-2025-5991 was published Jun 11, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2025-47096 was published Jun 11, 2025
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0.... Low Unreviewed
CVE-2025-22829 was published Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-2x5j-vhc8-9cwm was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF... Low Unreviewed
CVE-2025-36576 was published Jun 10, 2025
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before &... Low Unreviewed
CVE-2023-29184 was published Jun 10, 2025
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in... Low Unreviewed
CVE-2025-22251 was published Jun 10, 2025
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an... Low Unreviewed
CVE-2025-42988 was published Jun 10, 2025
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML... Low Unreviewed
CVE-2025-42990 was published Jun 10, 2025
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post... Low Unreviewed
CVE-2025-0036 was published Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database