Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,831 advisories

Loading
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users Low
CVE-2025-64711 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard rugk
Ribas160
Credited to esnard, rugk, and Ribas160
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma®... Low Unreviewed
CVE-2025-4616 was published Nov 14, 2025
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Low Unreviewed
CVE-2025-54342 was published Nov 14, 2025
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1... Low Unreviewed
CVE-2025-54559 was published Nov 14, 2025
A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert... Low Unreviewed
CVE-2025-54560 was published Nov 14, 2025
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows... Low Unreviewed
CVE-2025-4617 was published Nov 14, 2025
Mattermost allows regular users to access archived channel content and files Low
CVE-2025-41436 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
SpiceDB WriteRelationships fails silently if payload is too big Low
CVE-2025-64529 was published for github.com/authzed/spicedb (Go) Nov 13, 2025
Astro development server error page is vulnerable to reflected Cross-site Scripting Low
CVE-2025-64745 was published for astro (npm) Nov 13, 2025
pHo9UBenaA delucis
florian-lefebvre
Credited to pHo9UBenaA, delucis, and florian-lefebvre
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control... Low Unreviewed
CVE-2025-46370 was published Nov 13, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-11777 was published for github.com/mattermost/mattermost (Go) Nov 13, 2025
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve... Low Unreviewed
CVE-2025-12817 was published Nov 13, 2025
Wasmtime provides unsound API access to a WebAssembly shared linear memory Low
CVE-2025-64345 was published for wasmtime (Rust) Nov 12, 2025
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch... Low Unreviewed
CVE-2025-63396 was published Nov 12, 2025
sudo-rs: Partial password reveal is possible after timeout Low
CVE-2025-64170 was published for sudo-rs (Rust) Nov 12, 2025
DevLaTron bjorn3
MggMuggins squell
Credited to DevLaTron, bjorn3, MggMuggins, and squell
changedetection.io: Stored XSS in Watch update via API Low
CVE-2025-62780 was published for changedetection.io (pip) Nov 12, 2025
edoardottt
Credited to edoardottt
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20378 was published Nov 12, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20379 was published Nov 12, 2025
When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the... Low Unreviewed
CVE-2025-41116 was published Nov 11, 2025
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the... Low Unreviewed
CVE-2025-3717 was published Nov 11, 2025
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User... Low Unreviewed
CVE-2025-32037 was published Nov 11, 2025
Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within... Low Unreviewed
CVE-2025-27712 was published Nov 11, 2025
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version... Low Unreviewed
CVE-2025-24862 was published Nov 11, 2025
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001... Low Unreviewed
CVE-2025-24307 was published Nov 11, 2025
Improper input validation in some firmware for some Intel(R) Graphics Drivers and Intel LTS... Low Unreviewed
CVE-2025-25216 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database