GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
66 advisories
A low-privileged remote attacker may be able to replace the boot application of the CODESYS...
High • Unreviewed • CVE-2025-41660 was published Mar 24, 2026

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
Moderate • Unreviewed • CVE-2026-33265 was published Mar 18, 2026

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from...
Low • Unreviewed • CVE-2026-32772 was published Mar 16, 2026

OpenStack Nova calls qemu-img without format restrictions for resize
High • CVE-2026-24708 was published for Nova (pip) Feb 18, 2026

Duplicate Advisory: 1-Click RCE via Authentication Token Exfiltration From gatewayUrl
High • GHSA-r2c6-8jc8-g32w was published for clawdbot (npm) Feb 2, 2026 • withdrawn

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Critical • CVE-2025-67895 was published for apache-airflow-providers-edge3 (pip) Dec 17, 2025

Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
High • Unreviewed • CVE-2025-62775 was published Oct 22, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate • Unreviewed • CVE-2025-62646 was published Oct 17, 2025

In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users...
Moderate • Unreviewed • CVE-2025-62292 was published Oct 10, 2025

The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to...
Low • Unreviewed • CVE-2025-56675 was published Sep 30, 2025

PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the...
Low • Unreviewed • CVE-2025-59692 was published Sep 19, 2025

PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside...
Low • Unreviewed • CVE-2025-59691 was published Sep 19, 2025

Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for...
Low • Unreviewed • CVE-2025-59453 was published Sep 16, 2025

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to...
Moderate • Unreviewed • CVE-2025-59378 was published Sep 15, 2025

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps...
High • Unreviewed • CVE-2025-59363 was published Sep 14, 2025

Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified...
Critical • Unreviewed • CVE-2025-34158 was published Aug 21, 2025

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the...
Low • Unreviewed • CVE-2025-54956 was published Aug 3, 2025

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts...
Low • Unreviewed • CVE-2025-54352 was published Jul 21, 2025

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL...
Moderate • Unreviewed • CVE-2025-54310 was published Jul 18, 2025

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that...
High • Unreviewed • CVE-2025-41645 was published May 13, 2025

@misskey-dev/summaly Redirect Filter Bypass
Low • CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025

youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
High • GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use...
Moderate • Unreviewed • CVE-2024-42158 was published Jul 30, 2024

yt-dlp File system modification and RCE through improper file-extension sanitization
High • CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Moderate • CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024

ProTip! Advisories are also available from the GraphQL API.