Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

205 advisories

Loading
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. Moderate Unreviewed
CVE-2025-15312 was published Feb 5, 2026
CSS-based exfiltration of the content from partially encrypted emails when allowing remote... Moderate Unreviewed
CVE-2026-0818 was published Jan 28, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include... Low Unreviewed
CVE-2026-24439 was published Jan 26, 2026
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy... Low Unreviewed
CVE-2026-22712 was published Jan 9, 2026
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure... High Unreviewed
CVE-2025-68460 was published Dec 18, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18... Low Unreviewed
CVE-2025-12734 was published Dec 11, 2025
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18... High Unreviewed
CVE-2025-8405 was published Dec 11, 2025
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send... Moderate Unreviewed
CVE-2025-42896 was published Dec 9, 2025
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under... High Unreviewed
CVE-2025-9127 was published Dec 4, 2025
Emails sent by pretix can utilize placeholders that will be filled with customer data. For... Low Unreviewed
CVE-2025-13742 was published Nov 27, 2025
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This... High Unreviewed
CVE-2025-11085 was published Nov 11, 2025
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed
CVE-2025-46583 was published Oct 27, 2025
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into... High Unreviewed
CVE-2025-11713 was published Oct 14, 2025
A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed
CVE-2025-11712 was published Oct 14, 2025
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database