GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,796
Maven: 5,000+
npm: 4,410
NuGet: 772
pip: 4,181
Pub: 12
RubyGems: 965
Rust: 1,078
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
12,985 advisories
The Report Builder component of the application stores user input directly in a web page and...
Low | Unreviewed | CVE-2025-12776 was published Jan 8, 2026

`IterMut` violates Stacked Borrows by invalidating internal pointer
Low | GHSA-rhfx-m35p-ff5j was published for lru (Rust) Jan 7, 2026

loggingredactor converts non-string types to string types in logs
Low | CVE-2026-22041 was published for loggingredactor (pip) Jan 7, 2026

Improper service binding configuration in internal service components in HCL BigFix IVR version 4...
Low | Unreviewed | CVE-2025-31964 was published Jan 7, 2026

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version...
Low | Unreviewed | CVE-2025-31962 was published Jan 7, 2026

Improper authentication and missing CSRF protection in the local setup interface component in HCL...
Low | Unreviewed | CVE-2025-31963 was published Jan 7, 2026

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized...
Low | Unreviewed | CVE-2025-12958 was published Jan 7, 2026

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules...
Low | Unreviewed | CVE-2025-11235 was published Jan 7, 2026

rsa crate has potential panic on a prime being equal to 1
Low | CVE-2026-21895 was published for rsa (Rust) Jan 6, 2026

AIOHTTP Vulnerable to Cookie Parser Warning Storm
Low | CVE-2025-69230 was published for aiohttp (pip) Jan 5, 2026

AIOHTTP vulnerable to brute-force leak of internal static file path components
Low | CVE-2025-69226 was published for aiohttp (pip) Jan 5, 2026

AIOHTTP has unicode match groups in regexes for ASCII protocol elements
Low | CVE-2025-69225 was published for aiohttp (pip) Jan 5, 2026

AIOHTTP's unicode processing of header values could cause parsing discrepancies
Low | CVE-2025-69224 was published for aiohttp (pip) Jan 5, 2026

badkeys vulnerable to ASCII control character injection on console via malformed input
Low | CVE-2026-21439 was published for badkeys (pip) Jan 5, 2026

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links...
Low | Unreviewed | CVE-2025-9543 was published Jan 5, 2026

A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown...
Low | Unreviewed | CVE-2025-15454 was published Jan 5, 2026

A buffer overflow vulnerability has been reported to affect several QNAP operating system...
Low | Unreviewed | CVE-2025-62852 was published Jan 2, 2026

An exposure of sensitive system information to an unauthorized control sphere vulnerability has...
Low | Unreviewed | CVE-2025-9110 was published Jan 2, 2026

A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker...
Low | Unreviewed | CVE-2025-53597 was published Jan 2, 2026

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote...
Low | Unreviewed | CVE-2025-52871 was published Jan 2, 2026

A buffer overflow vulnerability has been reported to affect several QNAP operating system...
Low | Unreviewed | CVE-2025-48721 was published Jan 2, 2026

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote...
Low | Unreviewed | CVE-2025-62857 was published Jan 2, 2026

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating...
Low | Unreviewed | CVE-2025-53414 was published Jan 2, 2026

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating...
Low | Unreviewed | CVE-2025-53589 was published Jan 2, 2026
ProTip! Advisories are also available from the GraphQL API.