GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,791
Maven: 5,000+
npm: 4,399
NuGet: 772
pip: 4,175
Pub: 12
RubyGems: 965
Rust: 1,074
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
309,614 advisories
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of...
Unknown | Unreviewed | CVE-2025-15444 was published Jan 6, 2026

The Download Manager plugin for WordPress is vulnerable to privilege escalation via account...
High | Unreviewed | CVE-2025-15364 was published Jan 6, 2026

In c2ps, there is a possible memory corruption due to use after free. This could lead to local...
Unknown | Unreviewed | CVE-2025-20799 was published Jan 6, 2026

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could...
Unknown | Unreviewed | CVE-2025-20800 was published Jan 6, 2026

In Modem, there is a possible system crash due to incorrect error handling. This could lead to...
Unknown | Unreviewed | CVE-2025-20793 was published Jan 6, 2026

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could...
Unknown | Unreviewed | CVE-2025-20795 was published Jan 6, 2026

In Modem, there is a possible system crash due to improper input validation. This could lead to...
Unknown | Unreviewed | CVE-2025-20794 was published Jan 6, 2026

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates...
High | Unreviewed | CVE-2025-57836 was published Jan 5, 2026

Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi...
Critical | Unreviewed | CVE-2026-0625 was published Jan 6, 2026

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the...
Moderate | Unreviewed | CVE-2026-0607 was published Jan 6, 2026

A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is...
Moderate | Unreviewed | CVE-2026-0606 was published Jan 6, 2026

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect...
High | Unreviewed | CVE-2025-53966 was published Jan 5, 2026

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400,...
High | Unreviewed | CVE-2025-49495 was published Jan 5, 2026

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos...
Moderate | Unreviewed | CVE-2025-52515 was published Jan 5, 2026

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to...
Moderate | Unreviewed | CVE-2025-65922 was published Jan 5, 2026

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos...
High | Unreviewed | CVE-2025-43706 was published Jan 5, 2026

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary...
Moderate | Unreviewed | CVE-2025-67316 was published Jan 5, 2026

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos...
High | Unreviewed | CVE-2025-52519 was published Jan 5, 2026

evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API
Moderate | CVE-2025-67427 was published for @evershop/evershop (npm) | Jan 5, 2026

evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
High | CVE-2025-67419 was published for @evershop/evershop (npm) | Jan 5, 2026

Apache SIS has Improper Restriction of XML External Entity Reference vulnerability
Moderate | CVE-2025-68280 was published for org.apache.sis.core:sis-metadata (Maven) | Jan 5, 2026

AIOHTTP Vulnerable to Cookie Parser Warning Storm
Low | CVE-2025-69230 was published for aiohttp (pip) | Jan 5, 2026

AIOHTTP vulnerable to DoS through chunked messages
Moderate | CVE-2025-69229 was published for aiohttp (pip) | Jan 5, 2026

Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
High | CVE-2025-65110 was published for vega-selections (npm) | Jan 5, 2026

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
High | CVE-2025-69223 was published for aiohttp (pip) | Jan 5, 2026

ProTip! Advisories are also available from the GraphQL API.