GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

303,881 advisories

A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function...
Moderate | Unreviewed | CVE-2025-14094 was published Dec 5, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5,...
High | Unreviewed | CVE-2024-9183 was published Dec 5, 2025

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a...
Unknown | Unreviewed | CVE-2025-65730 was published Dec 5, 2025

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability....
High | Unreviewed | CVE-2025-65879 was published Dec 5, 2025

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In...
High | Unreviewed | CVE-2025-65897 was published Dec 5, 2025

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The...
High | Unreviewed | CVE-2025-65878 was published Dec 5, 2025

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local...
Unknown | Unreviewed | CVE-2025-64056 was published Dec 5, 2025

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows...
Moderate | Unreviewed | CVE-2025-64054 was published Dec 5, 2025

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function...
Moderate | Unreviewed | CVE-2025-14089 was published Dec 5, 2025

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an...
Moderate | Unreviewed | CVE-2025-14090 was published Dec 5, 2025

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the...
Moderate | Unreviewed | CVE-2025-14092 was published Dec 5, 2025

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to...
Moderate | Unreviewed | CVE-2025-14091 was published Dec 5, 2025

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local...
Moderate | Unreviewed | CVE-2025-64052 was published Dec 5, 2025

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial...
High | Unreviewed | CVE-2025-64053 was published Dec 5, 2025

Sigstore Timestamp Authority allocates excessive memory during request parsing
High | CVE-2025-66564 was published for github.com/sigstore/timestamp-authority (Go) Dec 5, 2025

Fulcio allocates excessive memory during token parsing
High | CVE-2025-66506 was published for github.com/sigstore/fulcio (Go) Dec 5, 2025

urllib3 streaming API improperly handles highly compressed data
High | CVE-2025-66471 was published for urllib3 (pip) Dec 5, 2025

urllib3 allows an unbounded number of links in the decompression chain
High | CVE-2025-66418 was published for urllib3 (pip) Dec 5, 2025

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Moderate | CVE-2025-66220 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025

Envoy forwards early CONNECT data in TCP proxy mode
Low | CVE-2025-64763 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025

Envoy crashes when JWT authentication is configured with the remote JWKS fetching
Moderate | CVE-2025-64527 was published for github.com/envoyproxy/envoy (Go) Dec 5, 2025

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function...
Moderate | Unreviewed | CVE-2025-14086 was published Dec 5, 2025

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an...
Moderate | Unreviewed | CVE-2025-14088 was published Dec 5, 2025

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but...
High | Unreviewed | CVE-2025-58098 was published Dec 5, 2025

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on...
High | Unreviewed | CVE-2025-64057 was published Dec 5, 2025

ProTip! Advisories are also available from the GraphQL API.