Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

144,504 advisories

Loading
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the... Moderate Unreviewed
CVE-2025-14116 was published Dec 6, 2025
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0... Moderate Unreviewed
CVE-2025-8148 was published Dec 5, 2025
A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an... Moderate Unreviewed
CVE-2025-14105 was published Dec 5, 2025
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator Moderate
GHSA-xrv8-2pf5-f3q7 was published for nitro-tpm-pcr-compute (Rust) Dec 5, 2025
agraf mariusknaust
Credited to agraf and mariusknaust
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34261 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34257 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34265 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34262 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34258 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34264 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34263 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34260 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34259 was published Dec 5, 2025
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS)... Moderate Unreviewed
CVE-2025-34266 was published Dec 5, 2025
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing... Moderate Unreviewed
CVE-2025-14104 was published Dec 5, 2025
A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990... Moderate Unreviewed
CVE-2025-14093 was published Dec 5, 2025
A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function... Moderate Unreviewed
CVE-2025-14094 was published Dec 5, 2025
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows... Moderate Unreviewed
CVE-2025-64054 was published Dec 5, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local... Moderate Unreviewed
CVE-2025-64052 was published Dec 5, 2025
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the... Moderate Unreviewed
CVE-2025-14092 was published Dec 5, 2025
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function... Moderate Unreviewed
CVE-2025-14089 was published Dec 5, 2025
A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an... Moderate Unreviewed
CVE-2025-14090 was published Dec 5, 2025
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to... Moderate Unreviewed
CVE-2025-14091 was published Dec 5, 2025
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte Moderate
CVE-2025-66220 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
ggreenway yanavlasov agrawroh
Credited to botengyao, phlax, ggreenway, yanavlasov, and agrawroh
Envoy crashes when JWT authentication is configured with the remote JWKS fetching Moderate
CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
agrawroh yanavlasov
Credited to botengyao, phlax, agrawroh, and yanavlasov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database