GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+ | Composer 5,000+ | Erlang 40 | GitHub Actions 38 | Go 2,752 | Maven 5,000+ | npm 4,357 | NuGet 765 | pip 4,121 | Pub 12 | RubyGems 961 | Rust 1,069 | Swift 45
Unreviewed advisories: All unreviewed 5,000+
145,640 advisories
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below...
Moderate | Unreviewed | CVE-2025-57875 was published Sep 29, 2025

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by...
Moderate | Unreviewed | CVE-2025-36099 was published Sep 29, 2025

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below...
Moderate | Unreviewed | CVE-2025-57874 was published Sep 29, 2025

Medical Informatics Engineering Enterprise Health includes the user's current session token in...
Moderate | Unreviewed | CVE-2025-35031 was published Sep 29, 2025

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary...
Moderate | Unreviewed | CVE-2025-35032 was published Sep 29, 2025

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting...
Moderate | Unreviewed | CVE-2025-35034 was published Sep 29, 2025

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below...
Moderate | Unreviewed | CVE-2025-57871 was published Sep 29, 2025

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may...
Moderate | Unreviewed | CVE-2025-57872 was published Sep 29, 2025

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may...
Moderate | Unreviewed | CVE-2025-57878 was published Sep 29, 2025

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the...
Moderate | Unreviewed | CVE-2025-57197 was published Sep 29, 2025

Mealie 3.0.1 and earlier is vulnerable to Cross-Site Scripting (XSS) in the recipe creation...
Moderate | Unreviewed | CVE-2025-56795 was published Sep 29, 2025

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9...
Moderate | Unreviewed | CVE-2025-56807 was published Sep 29, 2025

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security...
Moderate | Unreviewed | CVE-2025-36193 was published Sep 29, 2025

Regular Expression Denial of Service (ReDoS) in lodash
Moderate | CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022

Regular Expression Denial of Service (ReDoS) in lodash
Moderate | CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019

A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability...
Moderate | Unreviewed | CVE-2025-9935 was published Sep 4, 2025

An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active...
Moderate | Unreviewed | CVE-2025-45994 was published Sep 26, 2025

Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an...
Moderate | Unreviewed | CVE-2024-53647 was published Dec 31, 2024

In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit...
Moderate | Unreviewed | CVE-2021-47577 was published Jun 19, 2024

In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation...
Moderate | Unreviewed | CVE-2024-36010 was published May 22, 2024

In the Linux kernel, the following vulnerability has been resolved: mm, thp: bail out early in...
Moderate | Unreviewed | CVE-2021-47492 was published May 22, 2024

In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in...
Moderate | Unreviewed | CVE-2021-47579 was published Jun 19, 2024

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to...
Moderate | Unreviewed | CVE-2024-39746 was published Aug 22, 2024

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module...
Moderate | Unreviewed | CVE-2021-47480 was published May 22, 2024

In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for...
Moderate | Unreviewed | CVE-2021-47495 was published May 22, 2024
ProTip! Advisories are also available from the GraphQL API