GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12,909 advisories
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...
Low, Unreviewed: CVE-2025-12654 was published Dec 21, 2025

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Low: GHSA-24v3-254g-jv85 was published for @tutao/tutanota-utils (npm) Dec 19, 2025

Orejime has executable code in HTML attributes
Low: CVE-2025-68457 was published for orejime (npm) Dec 19, 2025

A flaw has been found in Open5GS up to 2.7.5. This impacts the function...
Low, Unreviewed: CVE-2025-14953 was published Dec 19, 2025

pretix has Broken Access Control Allowing Cross-User File Access via UUID
Low: CVE-2025-14881 was published for pretix (pip) Dec 19, 2025

pretix has Broken Access Control Allowing Cross-User File Access via UUID
Low: CVE-2025-14882 was published for pretix (pip) Dec 19, 2025

Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low, Unreviewed: CVE-2025-65046 was published Dec 19, 2025

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML...
Low, Unreviewed: CVE-2025-65000 was published Dec 18, 2025

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff...
Low, Unreviewed: CVE-2025-40891 was published Dec 18, 2025

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory,...
Low, Unreviewed: CVE-2025-68462 was published Dec 18, 2025

Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web...
Low, Unreviewed: CVE-2025-55254 was published Dec 17, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26...
Low, Unreviewed: CVE-2025-46279 was published Dec 17, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26...
Low, Unreviewed: CVE-2025-46277 was published Dec 17, 2025

Multiple memory corruption issues were addressed with improved input validation. This issue is...
Low, Unreviewed: CVE-2025-43533 was published Dec 17, 2025

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2,...
Low, Unreviewed: CVE-2025-43531 was published Dec 17, 2025

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost...
Low, Unreviewed: CVE-2025-13326 was published Dec 17, 2025

Mattermost Desktop App exposes sensitive information in its application logs
Low: CVE-2025-13321 was published for mattermost-desktop (npm) Dec 17, 2025

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows...
Low, Unreviewed: CVE-2025-65185 was published Dec 17, 2025

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf...
Low, Unreviewed: CVE-2025-14266 was published Dec 17, 2025

Mattermost has missing redirect URL validation
Low: CVE-2025-62690 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
Low: CVE-2025-13352 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025

PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Low: CVE-2025-68142 was published for pymdown-extensions (pip) Dec 16, 2025

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG...
Low, Unreviewed: CVE-2023-53900 was published Dec 16, 2025

PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows...
Low, Unreviewed: CVE-2023-53899 was published Dec 16, 2025

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low, Unreviewed: CVE-2025-68164 was published Dec 16, 2025

ProTip! Advisories are also available from the GraphQL API