GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,904
Maven: 5,000+
npm: 5,000+
NuGet: 967
pip: 5,000+
Pub: 13
RubyGems: 1,062
Rust: 1,374
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

126,194 advisories

Improper neutralization of input during web page generation ('cross-site scripting') in Azure...
High | Unreviewed | CVE-2025-64675 was published Dec 19, 2025

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path...
High | Unreviewed | CVE-2025-34452 was published Dec 19, 2025

Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
High | CVE-2025-68388 was published for github.com/elastic/beats (Go) Dec 19, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Office...
High | Unreviewed | CVE-2025-64677 was published Dec 19, 2025

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79)...
High | Unreviewed | CVE-2025-68385 was published Dec 19, 2025

'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
High | Unreviewed | CVE-2025-64676 was published Dec 19, 2025

Weblate has an arbitrary file read via symbolic links
High | CVE-2025-68279 was published for Weblate (pip) Dec 18, 2025

nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
High | CVE-2025-53000 was published for nbconvert (pip) Dec 18, 2025

An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon...
High | Unreviewed | CVE-2025-63950 was published Dec 18, 2025

An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi...
High | Unreviewed | CVE-2025-63951 was published Dec 18, 2025

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to...
High | Unreviewed | CVE-2025-14850 was published Dec 18, 2025

Due to a product misconfiguration in certain deployment types, it was possible from different...
High | Unreviewed | CVE-2025-53710 was published Dec 18, 2025

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker...
High | Unreviewed | CVE-2025-14849 was published Dec 18, 2025

BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin' that are not...
High | Unreviewed | CVE-2025-62001 was published Dec 18, 2025

BullWall Server Intrusion Protection has a noticeable delay before the MFA check when connecting...
High | Unreviewed | CVE-2025-62003 was published Dec 18, 2025

BullWall Server Intrusion Protection services are initialized after login services. An...
High | Unreviewed | CVE-2025-62004 was published Dec 18, 2025

Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run...
High | Unreviewed | CVE-2023-53940 was published Dec 18, 2025

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for...
High | Unreviewed | CVE-2025-13911 was published Dec 18, 2025

A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via...
High | Unreviewed | CVE-2023-53934 was published Dec 18, 2025

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low...
High | Unreviewed | CVE-2023-53944 was published Dec 18, 2025

A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version...
High | Unreviewed | CVE-2025-65566 was published Dec 18, 2025

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with ...
High | Unreviewed | CVE-2019-25229 was published Dec 18, 2025

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to...
High | Unreviewed | CVE-2023-53937 was published Dec 18, 2025

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send...
High | Unreviewed | CVE-2025-63387 was published Dec 18, 2025

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject...
High | Unreviewed | CVE-2021-47711 was published Dec 18, 2025

ProTip! Advisories are also available from the GraphQL API.