Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,913 advisories

Loading
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21470 was published Sep 19, 2025
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls... Low Unreviewed
CVE-2025-9081 was published Sep 19, 2025
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local... Low Unreviewed
CVE-2023-21469 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside... Low Unreviewed
CVE-2025-59691 was published Sep 19, 2025
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the... Low Unreviewed
CVE-2025-59692 was published Sep 19, 2025
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable... Low Unreviewed
CVE-2024-26992 was published May 1, 2024
In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data... Low Unreviewed
CVE-2022-48668 was published Apr 28, 2024
In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data... Low Unreviewed
CVE-2022-48667 was published Apr 28, 2024
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming... Low Unreviewed
CVE-2025-30187 was published Sep 18, 2025
Access permission verification vulnerability in the Notepad module Impact: Successful... Low Unreviewed
CVE-2024-42036 was published Aug 8, 2024
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic.... Low Unreviewed
CVE-2025-5715 was published Jun 6, 2025
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An... Low Unreviewed
CVE-2025-35433 was published Sep 17, 2025
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An... Low Unreviewed
CVE-2025-35434 was published Sep 17, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Low Unreviewed
CVE-2025-43357 was published Sep 16, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Low Unreviewed
CVE-2025-43301 was published Sep 16, 2025
A buffer overread can occur in the CPC application when operating in full duplex SPI upon... Low Unreviewed
CVE-2024-12975 was published Mar 7, 2025
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as... Low Unreviewed
CVE-2025-30075 was published Sep 16, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS... Low Unreviewed
CVE-2025-43283 was published Sep 16, 2025
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse'... Low Unreviewed
CVE-2025-59270 was published Sep 16, 2025
There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration... Low Unreviewed
CVE-2025-26710 was published Sep 16, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59437 was published Sep 16, 2025
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for... Low Unreviewed
CVE-2025-59453 was published Sep 16, 2025
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value... Low Unreviewed
CVE-2025-59436 was published Sep 16, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in... Low Unreviewed
CVE-2025-43344 was published Sep 16, 2025
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in... Low Unreviewed
CVE-2025-43349 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database