Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a... Moderate Unreviewed
CVE-2026-1629 was published Mar 16, 2026
Parse Server's MFA recovery codes not consumed after use High
CVE-2026-31875 was published for parse-server (npm) Mar 11, 2026
0xkakash1 Credited to 0xkakash1 and mtrezza mtrezza mtrezza
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device... High Unreviewed
CVE-2025-69415 was published Jan 2, 2026
In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of... Low Unreviewed
CVE-2025-64686 was published Nov 10, 2025
When passing through PCI devices, the detach logic in libxl won't remove access permissions to... High Unreviewed
CVE-2025-58149 was published Oct 31, 2025
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are... High Unreviewed
CVE-2025-55669 was published Oct 15, 2025
MongoDB Server may allow upsert operations retried within a transaction to violate unique index... Moderate Unreviewed
CVE-2025-10060 was published Sep 5, 2025
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure... High Unreviewed
CVE-2025-39698 was published Sep 5, 2025
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety Low
GHSA-655h-hg88-5qmf was published for xcb (Rust) Aug 22, 2025
Wasmtime CLI is vulnerable to host panic through its fd_renumber function Low
CVE-2025-53901 was published for wasmtime (Rust) Jul 18, 2025
hatoo Credited to hatoo and rvolosatovs rvolosatovs rvolosatovs
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of... High Unreviewed
CVE-2025-6031 was published Jun 12, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31253 was published May 13, 2025
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed
CVE-2025-2517 was published Apr 21, 2025
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
Suspended Directus user can continue to use session token to access API Low
CVE-2025-30351 was published for @directus/api (npm) Mar 26, 2025
Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A... Moderate Unreviewed
CVE-2025-21117 was published Feb 5, 2025
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a... High Unreviewed
CVE-2024-57929 was published Jan 19, 2025
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7... High Unreviewed
CVE-2024-47571 was published Jan 14, 2025
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh Low
CVE-2025-22149 was published for github.com/MicahParks/jwkset (Go) Jan 9, 2025
rohitkoul Credited to rohitkoul
UAF vulnerability in the device node access module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-56434 was published Jan 8, 2025
In the Linux kernel, the following vulnerability has been resolved: virtio_net: correct... Moderate Unreviewed
CVE-2024-56674 was published Dec 27, 2024
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible... Moderate Unreviewed
CVE-2024-49955 was published Oct 21, 2024
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused... Moderate Unreviewed
CVE-2024-49953 was published Oct 21, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 Credited to prdp1137, livio-a, and fforootd livio-a livio-a
fforootd fforootd
ZITADEL's Service Users Deactivation not Working High
CVE-2024-47000 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
livio-a Credited to livio-a and fforootd fforootd fforootd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database