GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
117,994 advisories
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse...
High | Unreviewed | CVE-2019-16536 was published May 21, 2025

The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location
High | CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote...
High | Unreviewed | CVE-2025-20113 was published May 21, 2025

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE)...
High | Unreviewed | CVE-2025-20152 was published May 21, 2025

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track...
High | Unreviewed | CVE-2025-4416 was published May 21, 2025

An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate...
High | Unreviewed | CVE-2025-27998 was published May 21, 2025

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing...
High | Unreviewed | CVE-2025-27997 was published May 21, 2025

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
High | CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025

containerd allows host filesystem access on pull
High | CVE-2025-47290 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025

itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient...
High | Unreviewed | CVE-2024-56429 was published May 21, 2025

When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks...
High | Unreviewed | CVE-2025-40775 was published May 21, 2025

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently...
High | Unreviewed | CVE-2025-1416 was published May 21, 2025

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating...
High | Unreviewed | CVE-2025-48413 was published May 21, 2025

An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file...
High | Unreviewed | CVE-2025-48416 was published May 21, 2025

A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004....
High | Unreviewed | CVE-2025-4997 was published May 20, 2025

A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic....
High | Unreviewed | CVE-2025-4998 was published May 20, 2025

The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter...
High | Unreviewed | CVE-2024-13633 was published May 20, 2025

The TYPO3 CMS Backend has Broken Authentication in Backend MFA
High | CVE-2025-47941 was published for typo3/cms-backend (Composer) May 20, 2025

TYPO3 Allows Privilege Escalation to System Maintainer
High | CVE-2025-47940 was published for typo3/cms-core (Composer) May 20, 2025

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE...
High | Unreviewed | CVE-2025-37991 was published May 20, 2025

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12...
High | Unreviewed | CVE-2025-22157 was published May 20, 2025

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use...
High | Unreviewed | CVE-2025-37981 was published May 20, 2025

The affected products could allow an unauthenticated attacker to access system information that...
High | Unreviewed | CVE-2025-4364 was published May 20, 2025

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing...
High | Unreviewed | CVE-2025-48391 was published May 20, 2025

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass...
High | Unreviewed | CVE-2025-37979 was published May 20, 2025

ProTip! Advisories are also available from the GraphQL API