GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,739
Maven: 5,000+
npm: 4,338
NuGet: 765
pip: 4,112
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
106,529 advisories
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence...
High | Unreviewed | CVE-2025-14332 was published Dec 9, 2025
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and...
High | Unreviewed | CVE-2025-14329 was published Dec 9, 2025
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146 and...
High | Unreviewed | CVE-2025-14328 was published Dec 9, 2025
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data...
High | Unreviewed | CVE-2020-36880 was published Dec 5, 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox <...
High | Unreviewed | CVE-2025-14325 was published Dec 9, 2025
Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox <...
High | Unreviewed | CVE-2025-14323 was published Dec 9, 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This...
High | Unreviewed | CVE-2025-14322 was published Dec 9, 2025
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal...
High | Unreviewed | CVE-2025-13152 was published Dec 10, 2025
Due to improper BLE security configurations on the device's GATT server, an adjacent...
High | Unreviewed | CVE-2024-2104 was published Dec 10, 2025
An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a...
High | Unreviewed | CVE-2025-13155 was published Dec 10, 2025
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser...
High | Unreviewed | CVE-2025-12046 was published Dec 10, 2025
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and...
High | Unreviewed | CVE-2025-14333 was published Dec 9, 2025
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command...
High | Unreviewed | CVE-2020-36882 was published Dec 5, 2025
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory'...
High | Unreviewed | CVE-2020-36881 was published Dec 5, 2025
Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12...
High | Unreviewed | CVE-2025-41358 was published Dec 10, 2025
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie()...
High | Unreviewed | CVE-2025-41732 was published Dec 10, 2025
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low...
High | Unreviewed | CVE-2025-7073 was published Dec 10, 2025
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <=...
High | Unreviewed | CVE-2025-14390 was published Dec 10, 2025
An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account()...
High | Unreviewed | CVE-2025-41730 was published Dec 10, 2025
Incorrect Use of Privileged APIs vulnerability in NomySost Information Technology Training and...
High | Unreviewed | CVE-2025-1161 was published Dec 10, 2025
NarSuS App registers a Windows service with an unquoted file path. A user with the write...
High | Unreviewed | CVE-2025-61865 was published Oct 23, 2025
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent...
High | Unreviewed | CVE-2025-12952 was published Dec 10, 2025
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with...
High | Unreviewed | CVE-2025-9571 was published Dec 10, 2025
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all...
High | Unreviewed | CVE-2025-13339 was published Dec 10, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5,...
High | Unreviewed | CVE-2024-9183 was published Dec 5, 2025
ProTip! Advisories are also available from the GraphQL API.