Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,014 advisories

Loading
SpiceDB checks involving relations with caveats can result in no permission when permission is expected Low
CVE-2025-49011 was published for github.com/authzed/spicedb (Go) Jun 6, 2025
miparnisari
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If... Low Unreviewed
CVE-2024-50406 was published Jun 6, 2025
A use of externally-controlled format string vulnerability has been reported to affect Qsync... Low Unreviewed
CVE-2025-22482 was published Jun 6, 2025
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local ... Low Unreviewed
CVE-2025-29871 was published Jun 6, 2025
A command injection vulnerability has been reported to affect QHora. If an attacker gains local... Low Unreviewed
CVE-2024-13087 was published Jun 6, 2025
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic.... Low Unreviewed
CVE-2025-5715 was published Jun 6, 2025
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is... Low Unreviewed
CVE-2025-5648 was published Jun 5, 2025
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability... Low Unreviewed
CVE-2025-5646 was published Jun 5, 2025
A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the... Low Unreviewed
CVE-2025-5647 was published Jun 5, 2025
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the... Low Unreviewed
CVE-2025-5642 was published Jun 5, 2025
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected... Low Unreviewed
CVE-2025-5644 was published Jun 5, 2025
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects... Low Unreviewed
CVE-2025-5645 was published Jun 5, 2025
A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects... Low Unreviewed
CVE-2025-5641 was published Jun 5, 2025
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this... Low Unreviewed
CVE-2025-5643 was published Jun 5, 2025
anon-vec lacks sufficient checks in public API Low
GHSA-pr59-jjr4-gcf6 was published for anon-vec (Rust) Jun 5, 2025
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an... Low Unreviewed
CVE-2025-20277 was published Jun 4, 2025
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an... Low Unreviewed
CVE-2025-20276 was published Jun 4, 2025
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size ... Low Unreviewed
CVE-2025-49112 was published Jun 2, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
Gradio CORS Origin Validation Bypass Vulnerability Low
CVE-2025-5320 was published for gradio (pip) May 29, 2025
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up... Low Unreviewed
CVE-2025-48931 was published May 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database