GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,794
Maven: 5,000+
npm: 4,400
NuGet: 772
pip: 4,178
Pub: 12
RubyGems: 965
Rust: 1,074
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,700 advisories
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
High | CVE-2025-61916 was published for io.spinnaker.clouddriver:clouddriver-artifacts (Maven) | Jan 5, 2026

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos...
High | Unreviewed | CVE-2025-52519 was published | Jan 5, 2026

In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible...
High | Unreviewed | CVE-2025-36932 was published | Dec 11, 2025

Mattermost Server is vulnerable to channel invisibility DoS via misformatted post
Moderate | CVE-2017-18873 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

flagd: Multiple Go Runtime CVEs Impact Security and Availability
High | GHSA-4c5f-9mj4-m247 was published for github.com/open-feature/flagd/core (Go) | Jan 5, 2026

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the...
Moderate | Unreviewed | CVE-2025-15453 was published | Jan 5, 2026

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26...
Moderate | Unreviewed | CVE-2025-66864 was published | Dec 29, 2025

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows...
Moderate | Unreviewed | CVE-2025-66866 was published | Dec 29, 2025

Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified...
Critical | Unreviewed | CVE-2025-34158 was published | Aug 21, 2025

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar:...
Moderate | Unreviewed | CVE-2025-15438 was published | Jan 2, 2026

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of...
Moderate | Unreviewed | CVE-2025-15375 was published | Dec 31, 2025

An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version...
Critical | Unreviewed | CVE-2025-34049 was published | Jun 26, 2025

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22772 was published | Jan 23, 2024

Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22769 was published | Jan 23, 2024

Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22770 was published | Jan 23, 2024

Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-23842 was published | Jan 23, 2024

Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22768 was published | Jan 23, 2024

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause...
High | Unreviewed | CVE-2024-22771 was published | Jan 23, 2024

qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
High | CVE-2025-15284 was published for qs (npm) | Dec 30, 2025

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this...
Moderate | Unreviewed | CVE-2025-15246 was published | Dec 30, 2025

DVP-12SE11T - Denial of Service Vulnerability
High | Unreviewed | CVE-2025-15358 was published | Dec 30, 2025

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function...
Low | Unreviewed | CVE-2025-15222 was published | Dec 30, 2025

Duplicate Advisory: OS Command Injection in Strapi
High | GHSA-49vv-6q7q-w5cf was published for strapi (npm) | Dec 10, 2021 | withdrawn

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function...
Low | Unreviewed | CVE-2025-15117 was published | Dec 28, 2025

Insufficient type validation in pocketmine/pocketmine-mp
High | GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) | Apr 22, 2022

ProTip! Advisories are also available from the GraphQL API.