GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 39
  GitHub Actions: 38
  Go: 2,717
  Maven: 5,000+
  npm: 4,328
  NuGet: 761
  pip: 4,105
  Pub: 12
  RubyGems: 958
  Rust: 1,065
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
114,973 advisories
In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new...
High | Unreviewed | CVE-2025-20387 was published on Dec 3, 2025

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new...
High | Unreviewed | CVE-2025-20386 was published on Dec 3, 2025

An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary...
High | Unreviewed | CVE-2025-54326 was published on Dec 3, 2025

Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of...
High | Unreviewed | CVE-2025-65320 was published on Dec 3, 2025

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An...
High | Unreviewed | CVE-2025-7044 was published on Dec 3, 2025

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an...
High | Unreviewed | CVE-2025-57201 was published on Dec 3, 2025

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an...
High | Unreviewed | CVE-2025-57199 was published on Dec 3, 2025

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an...
High | Unreviewed | CVE-2025-57198 was published on Dec 3, 2025

Coder logs sensitive objects unsanitized
High | CVE-2025-66411 was published for github.com/coder/coder/v2 (Go) on Dec 3, 2025

Claude Code Command Validation Bypass Allows Arbitrary Code Execution
High | CVE-2025-66032 was published for @anthropic-ai/claude-code (npm) on Dec 3, 2025

Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
High | CVE-2025-64443 was published for github.com/docker/mcp-gateway (Go) on Dec 3, 2025

Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged user to fully elevate...
High | Unreviewed | CVE-2025-53841 was published on Dec 3, 2025

Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
High | CVE-2025-66468 was published for aimeos/ai-cms-grapesjs (Composer) on Dec 3, 2025

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information...
High | Unreviewed | CVE-2025-13947 was published on Dec 3, 2025

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up...
High | Unreviewed | CVE-2025-12744 was published on Dec 3, 2025

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to...
High | Unreviewed | CVE-2025-13645 was published on Dec 3, 2025

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to...
High | Unreviewed | CVE-2025-13646 was published on Dec 3, 2025

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer...
High | Unreviewed | CVE-2025-64298 was published on Dec 2, 2025

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure...
High | Unreviewed | CVE-2025-64642 was published on Dec 2, 2025

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text...
High | Unreviewed | CVE-2025-64778 was published on Dec 2, 2025

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data...
High | Unreviewed | CVE-2025-61940 was published on Dec 2, 2025

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user...
High | Unreviewed | CVE-2025-62575 was published on Dec 2, 2025

Within HostnameError.Error(), when constructing an error string, there is no limit to the number...
High | Unreviewed | CVE-2025-61729 was published on Dec 2, 2025

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is...
High | Unreviewed | CVE-2025-34352 was published on Dec 2, 2025

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker...
High | Unreviewed | CVE-2025-13638 was published on Dec 2, 2025

ProTip! Advisories are also available from the GraphQL API