Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

348 advisories

Loading
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may... High Unreviewed
CVE-2025-67460 was published Dec 10, 2025
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical... High Unreviewed
CVE-2025-34413 was published Dec 9, 2025
HTTP/HTTPS Traffic Interception Bypass in mad-proxy Moderate
CVE-2025-67485 was published for mad-proxy (pip) Dec 9, 2025
machphy
Credited to machphy
In multiple locations, there is a possible way to launch an application from the background due... Critical Unreviewed
CVE-2025-48626 was published Dec 8, 2025
Envoy forwards early CONNECT data in TCP proxy mode Low
CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025
botengyao phlax
yanavlasov agrawroh chasingimpact
Credited to botengyao, phlax, yanavlasov, agrawroh, and chasingimpact
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing Low
CVE-2025-66479 was published for @anthropic-ai/sandbox-runtime (npm) Dec 4, 2025
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass... Moderate Unreviewed
CVE-2025-29864 was published Dec 3, 2025
The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass... Moderate Unreviewed
CVE-2025-11260 was published Nov 13, 2025
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an... Moderate Unreviewed
CVE-2025-62453 was published Nov 11, 2025
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may... High Unreviewed
CVE-2025-35968 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed
CVE-2025-24848 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may... Moderate Unreviewed
CVE-2025-26402 was published Nov 11, 2025
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Moderate Unreviewed
CVE-2025-24834 was published Nov 11, 2025
Collision in MiniFilter driver in Avast Software Avast Free Antivirus  before 25.9  on Windows... Moderate Unreviewed
CVE-2025-10905 was published Nov 11, 2025
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12906 was published Nov 8, 2025
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a... Moderate Unreviewed
CVE-2025-12909 was published Nov 8, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker... Moderate Unreviewed
CVE-2025-60711 was published Oct 31, 2025
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Moderate Unreviewed
CVE-2025-12554 was published Oct 31, 2025
The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for... Moderate Unreviewed
CVE-2025-12094 was published Oct 31, 2025
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to... Low Unreviewed
CVE-2025-52615 was published Oct 12, 2025
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists... High Unreviewed
CVE-2025-55886 was published Sep 22, 2025
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
GHSA-hf6h-9wq7-hmjg was published for picklescan (pip) Sep 17, 2025 withdrawn
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote... High Unreviewed
CVE-2025-37124 was published Sep 17, 2025
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird... High Unreviewed
CVE-2025-10528 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database