GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,306

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,609 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed

CVE-2024-58251 was published Apr 23, 2025

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through... Low Unreviewed

CVE-2025-46394 was published Apr 23, 2025

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed

CVE-2025-43965 was published Apr 23, 2025

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ... Low Unreviewed

CVE-2025-46393 was published Apr 23, 2025

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an... Low Unreviewed

CVE-2025-23253 was published Apr 22, 2025

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed

CVE-2025-2987 was published Apr 22, 2025

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed

CVE-2025-29446 was published Apr 21, 2025

Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed

CVE-2025-2517 was published Apr 21, 2025

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a... Low Unreviewed

CVE-2025-43916 was published Apr 21, 2025

An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA... Low Unreviewed

CVE-2025-3840 was published Apr 21, 2025

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers ... Low Unreviewed

CVE-2025-25228 was published Apr 21, 2025

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image... Low Unreviewed

CVE-2025-43967 was published Apr 21, 2025

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp... Low Unreviewed

CVE-2025-43964 was published Apr 21, 2025

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag... Low Unreviewed

CVE-2025-43961 was published Apr 21, 2025

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Low Unreviewed

CVE-2025-43966 was published Apr 21, 2025

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer... Low Unreviewed

CVE-2025-43963 was published Apr 21, 2025

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads... Low Unreviewed

CVE-2025-43962 was published Apr 21, 2025

TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Low Unreviewed

CVE-2025-43955 was published Apr 20, 2025

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain... Low Unreviewed

CVE-2023-30421 was published Apr 20, 2025

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b":... Low Unreviewed

CVE-2023-26819 was published Apr 20, 2025

7-Zip through 24.09 does not report an error for certain invalid xz files, involving stream flags... Low Unreviewed

CVE-2022-47112 was published Apr 19, 2025

7-Zip through 24.09 does not report an error for certain invalid xz files, involving block flags... Low Unreviewed

CVE-2022-47111 was published Apr 19, 2025

An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302... Low Unreviewed

CVE-2025-25985 was published Apr 18, 2025

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro... Low Unreviewed

CVE-2025-25983 was published Apr 18, 2025

HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated... Low Unreviewed

CVE-2024-42178 was published Apr 18, 2025

Previous 1 2 3 4 5 6 7 8 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

10,609 advisories