GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
115,506 advisories
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of...
High | Unreviewed | CVE-2025-13970 was published Dec 13, 2025

aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
High | CVE-2025-67721 was published for io.airlift:aircompressor-v3 (Maven) Dec 12, 2025

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject...
High | Unreviewed | CVE-2024-58305 was published Dec 12, 2025

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection...
High | Unreviewed | CVE-2024-58314 was published Dec 12, 2025

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for...
High | Unreviewed | CVE-2025-14611 was published Dec 12, 2025

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the...
High | Unreviewed | CVE-2025-14572 was published Dec 12, 2025

Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows...
High | Unreviewed | CVE-2024-14010 was published Dec 12, 2025

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows...
High | Unreviewed | CVE-2024-58311 was published Dec 12, 2025

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success...
High | Unreviewed | CVE-2024-58316 was published Dec 12, 2025

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a...
High | Unreviewed | CVE-2025-14174 was published Dec 12, 2025

Vuetify has a Prototype Pollution vulnerability
High | CVE-2025-8083 was published for vuetify (npm) Dec 12, 2025

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
High | CVE-2025-3586 was published for com.liferay:com.liferay.object.service (Maven) Dec 12, 2025

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule
High | CVE-2025-67750 was published for lightning-flow-scanner (npm) Dec 12, 2025

Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
High | GHSA-4jmp-x7mh-rgmr was published for github.com/babylonlabs-io/finality-provider (Go) Dec 12, 2025

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
High | CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025

Apache StreamPark: Use the user’s password as the secret key Vulnerability
High | CVE-2025-53960 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025

Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip
High | CVE-2025-67818 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025

Weaviate OSS has path traversal vulnerability via the Shard Movement API
High | CVE-2025-67819 was published for github.com/weaviate/weaviate (Go) Dec 12, 2025

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their...
High | Unreviewed | CVE-2025-13733 was published Dec 12, 2025

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4...
High | Unreviewed | CVE-2025-65530 was published Dec 12, 2025

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
High | GHSA-5j59-xgg2-r9c4 was published for next (npm) Dec 12, 2025

Vite Plugin React has a Denial of Service Vulnerability in React Server Components
High | GHSA-cpqf-f22c-r95x was published for @vitejs/plugin-rsc (npm) Dec 12, 2025

Denial of Service Vulnerability in React Server Components
High | CVE-2025-67779 was published for react-server-dom-parcel (npm) Dec 12, 2025

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient...
High | Unreviewed | CVE-2025-58770 was published Dec 12, 2025

Apache StreamPark uses a Weak Encryption Algorithm
High | CVE-2025-54981 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025

ProTip! Advisories are also available from the GraphQL API.