GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,781
Maven: 5,000+
npm: 4,386
NuGet: 772
pip: 4,164
Pub: 12
RubyGems: 965
Rust: 1,073
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
12,945 advisories
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
Low · CVE-2025-68940 was published for code.gitea.io/gitea (Go) · Dec 26, 2025

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user...
Low · Unreviewed · CVE-2025-36228 was published · Dec 26, 2025

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive...
Low · Unreviewed · CVE-2025-36229 was published · Dec 26, 2025

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the...
Low · Unreviewed · CVE-2025-15084 was published · Dec 25, 2025

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown...
Low · Unreviewed · CVE-2025-15083 was published · Dec 25, 2025

ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this...
Low · Unreviewed · CVE-2025-57840 was published · Dec 24, 2025

pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability....
Low · Unreviewed · CVE-2025-14421 was published · Dec 24, 2025

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low · Unreviewed · CVE-2025-14411 was published · Dec 24, 2025

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low · Unreviewed · CVE-2025-14408 was published · Dec 24, 2025

Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This...
Low · Unreviewed · CVE-2025-14407 was published · Dec 24, 2025

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low · Unreviewed · CVE-2025-14410 was published · Dec 24, 2025

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref...
Low · Unreviewed · CVE-2024-35935 was published · May 19, 2024

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML...
Low · Unreviewed · CVE-2025-65000 was published · Dec 18, 2025

SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader...
Low · Unreviewed · CVE-2025-36744 was published · Dec 12, 2025

Piranha has stored cross-site scripting (XSS) vulnerability
Low · CVE-2025-67291 was published for Piranha (NuGet) · Dec 22, 2025

Piranha has stored cross-site scripting (XSS) vulnerability
Low · CVE-2025-67290 was published for Piranha (NuGet) · Dec 22, 2025

When loading a plist file, the plistlib module reads data in size specified by the file itself,...
Low · Unreviewed · CVE-2025-13837 was published · Dec 1, 2025

Under certain circumstances, attacker can capture the network key, read or write encrypted...
Low · Unreviewed · CVE-2025-61738 was published · Dec 22, 2025

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Low · Unreviewed · CVE-2025-12654 was published · Dec 21, 2025

pretix has Broken Access Control Allowing Cross-User File Access via UUID
Low · CVE-2025-14882 was published for pretix (pip) · Dec 19, 2025

pretix has Broken Access Control Allowing Cross-User File Access via UUID
Low · CVE-2025-14881 was published for pretix (pip) · Dec 19, 2025

cap-std doesn't fully sandbox all the Windows device filenames
Low · CVE-2024-51756 was published for cap-async-std (Rust) · Nov 5, 2024

Duplicate Advisory: Keycloak allows access to admin path through flaw
Low · GHSA-c6cm-5gc7-c3f4 was published for org.keycloak:keycloak-quarkus-server (Maven) · Oct 28, 2025 · withdrawn

Liferay Portal Vulnerable to Cross-Site Scripting
Low · CVE-2025-43733 was published for com.liferay:com.liferay.layout.taglib (Maven) · Aug 18, 2025

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Low · GHSA-24v3-254g-jv85 was published for @tutao/tutanota-utils (npm) · Dec 19, 2025

ProTip! Advisories are also available from the GraphQL API