Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,907 advisories

Loading
Apache Commons Configuration Uncontrolled Resource Consumption Low
CVE-2025-46392 was published for commons-configuration:commons-configuration (Maven) May 9, 2025
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input Low
CVE-2025-47736 was published for libsql-sqlite3-parser (Rust) May 9, 2025
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
Rapid7 Corporate Website prior to May 2nd 2025, suffered from a URL Redirection to Untrusted Site... Low Unreviewed
CVE-2025-4132 was published May 8, 2025
OpenStack Ironic fails to restrict paths used for file:// image URLs Low
CVE-2025-44021 was published for ironic (pip) May 8, 2025
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM... Low Unreviewed
CVE-2025-47729 was published May 8, 2025
Trix vulnerable to Cross-site Scripting on copy & paste Low
CVE-2025-46812 was published for trix (npm) May 8, 2025
scanner has a Public API without sufficient bounds checking Low
GHSA-79m9-55jc-p6mw was published for scanner (Rust) May 7, 2025
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to... Low Unreviewed
CVE-2025-20977 was published May 7, 2025
Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6... Low Unreviewed
CVE-2025-1399 was published May 7, 2025
Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3... Low Unreviewed
CVE-2025-1400 was published May 7, 2025
Redox UEFI Safe API can cause heap-buffer-overflow Low
GHSA-58xc-hpvq-8473 was published for redox_uefi_std (Rust) May 6, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation... Low Unreviewed
CVE-2025-22479 was published May 6, 2025
Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper... Low Unreviewed
CVE-2025-23379 was published May 6, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record` Low
CVE-2025-46735 was published for github.com/nrkno/terraform-provider-windns (Go) May 6, 2025
polo-sec sjurtf
Foxboron
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-27241 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. Low Unreviewed
CVE-2025-25052 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre... Low Unreviewed
CVE-2025-27132 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release... Low Unreviewed
CVE-2025-22886 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-25218 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-27248 was published May 6, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
@misskey-dev/summaly Redirect Filter Bypass Low
CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025
warriordog
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database