GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,933
Erlang: 39
GitHub Actions: 38
Go: 2,595
Maven: 5,000+
npm: 4,247
NuGet: 754
pip: 4,013
Pub: 12
RubyGems: 953
Rust: 1,048
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
12,643 advisories

Liferay Portal and DXP are Missing Authorization in Collection Provider
Low | CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) | Oct 22, 2025

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). ...
Low | Unreviewed | CVE-2025-61755 was published | Oct 21, 2025

Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported...
Low | Unreviewed | CVE-2025-53051 was published | Oct 21, 2025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Low | Unreviewed | CVE-2025-61748 was published | Oct 21, 2025

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that...
Low | Unreviewed | CVE-2025-61749 was published | Oct 21, 2025

Magento Authenticated Security feature bypass
Low | CVE-2025-49549 was published for magento/community-edition (Composer) | Jun 26, 2025

Mattermost Server allows System Admin to modify LDAP account names and email addresses
Low | CVE-2016-11077 was published for github.com/mattermost/mattermost-server (Go) | May 24, 2022

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Low | GHSA-gr7h-xw4f-wh86 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) | Oct 22, 2025

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names
Low | CVE-2025-11966 was published for io.vertx:vertx-web (Maven) | Oct 22, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low | Unreviewed | CVE-2025-62659 was published | Oct 22, 2025

Borrowck Sacrifices exposes uninitialized memory in any_as_u8_slice
Low | GHSA-xcpm-76hf-c9cc was published for borrowck_sacrifices (Rust) | Oct 22, 2025

A vulnerability has been identified in the libarchive library, specifically within the...
Low | Unreviewed | CVE-2025-5914 was published | Jun 9, 2025

A high privileged remote attacker can influence the parameters passed to the openssl command due...
Low | Unreviewed | CVE-2025-41721 was published | Oct 22, 2025

Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request...
Low | Unreviewed | CVE-2025-62773 was published | Oct 22, 2025

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.
Low | Unreviewed | CVE-2025-62772 was published | Oct 22, 2025

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens...
Low | Unreviewed | CVE-2025-62774 was published | Oct 22, 2025

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended...
Low | Unreviewed | CVE-2013-3993 was published | May 17, 2022

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow...
Low | Unreviewed | CVE-2013-5223 was published | May 17, 2022

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest...
Low | Unreviewed | CVE-2023-20867 was published | Jun 13, 2023

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM...
Low | Unreviewed | CVE-2025-47729 was published | May 8, 2025

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows...
Low | Unreviewed | CVE-2020-1464 was published | May 24, 2022

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain...
Low | Unreviewed | CVE-2016-3351 was published | May 14, 2022

Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer
Low | GHSA-fp5x-7m4q-449f was published for direct_ring_buffer (Rust) | Oct 21, 2025

orx-pinned-vec has undefined behavior in index_of_ptr with empty slices
Low | GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) | Oct 21, 2025

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block...
Low | Unreviewed | CVE-2025-62479 was published | Oct 21, 2025

ProTip! Advisories are also available from the GraphQL API