GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10,040 advisories
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows...
Moderate | Unreviewed | CVE-2025-64670 was published Dec 9, 2025

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected...
Moderate | Unreviewed | CVE-2025-40940 was published Dec 9, 2025

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected...
Moderate | Unreviewed | CVE-2025-40941 was published Dec 9, 2025

A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is...
Moderate | Unreviewed | CVE-2025-14286 was published Dec 9, 2025

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive...
Moderate | Unreviewed | CVE-2024-38798 was published Dec 9, 2025

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive...
Moderate | Unreviewed | CVE-2025-12558 was published Dec 9, 2025

CNA Plugins Portmap nftables backend can intercept non-local traffic
Moderate | CVE-2025-67499 was published for github.com/containernetworking/plugins (Go) Dec 9, 2025

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality
Moderate | CVE-2025-66625 was published for Umbraco.Cms (NuGet) Dec 9, 2025

App lock verification bypass vulnerability in the file management app. Impact: Successful...
Moderate | Unreviewed | CVE-2025-66330 was published Dec 8, 2025

Permission control vulnerability in the media library module. Impact: Successful exploitation of...
Moderate | Unreviewed | CVE-2025-58279 was published Dec 8, 2025

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the...
Moderate | Unreviewed | CVE-2025-14198 was published Dec 7, 2025

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is...
Moderate | Unreviewed | CVE-2025-14197 was published Dec 7, 2025

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High | CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive...
Moderate | Unreviewed | CVE-2025-13006 was published Dec 5, 2025

The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2025-13494 was published Dec 5, 2025

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be...
High | Unreviewed | CVE-2025-10285 was published Dec 5, 2025

ComposioHQ has a directory traversal vulnerability
Moderate | CVE-2025-56427 was published for composio (pip) Dec 4, 2025

libcrux incorrectly calculates on aarch64
High | GHSA-2cgv-28vr-rv6j was published for libcrux-intrinsics (Rust) Dec 4, 2025

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are...
Critical | Unreviewed | CVE-2025-54304 was published Dec 4, 2025

Ansible Community General Collection is vulnerable to exposure of sensitive information
Moderate | CVE-2025-14010 was published for ansible (pip) Dec 4, 2025

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in...
Moderate | Unreviewed | CVE-2025-11379 was published Dec 4, 2025

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58,...
Moderate | Unreviewed | CVE-2025-20383 was published Dec 3, 2025

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information...
Moderate | Unreviewed | CVE-2025-12585 was published Dec 3, 2025

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated...
Moderate | Unreviewed | CVE-2025-41066 was published Dec 2, 2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an...
Moderate | Unreviewed | CVE-2025-41014 was published Dec 2, 2025

ProTip! Advisories are also available from the GraphQL API