GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,950
  Erlang: 39
  GitHub Actions: 38
  Go: 2,603
  Maven: 5,000+
  npm: 4,250
  NuGet: 755
  pip: 4,013
  Pub: 12
  RubyGems: 953
  Rust: 1,048
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+

            423 advisories
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows...
  Moderate | Unreviewed | CVE-2025-56438 was published Oct 24, 2025

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability,...
  Low | Unreviewed | CVE-2025-11195 was published Sep 30, 2025

Rancher CLI SAML authentication is vulnerable to phishing attacks
  High | CVE-2024-58267 was published for github.com/rancher/rancher (Go) Sep 26, 2025

Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
  High | CVE-2025-59420 was published for authlib (pip) Sep 22, 2025

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another
  Moderate | CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to...
  Moderate | Unreviewed | CVE-2025-0092 was published Aug 27, 2025

A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an...
  High | Unreviewed | CVE-2025-9379 was published Aug 24, 2025

Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
  Moderate | GHSA-vv6j-3g6g-2pvj was published for picklescan (pip) Aug 22, 2025

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
  Moderate | GHSA-vr7h-p6mm-wpmh was published for picklescan (pip) Aug 22, 2025

Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
  Moderate | GHSA-f745-w6jp-hpxx was published for picklescan (pip) Aug 22, 2025

Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
  Moderate | GHSA-f4x7-rfwp-v3xw was published for picklescan (pip) Aug 22, 2025

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
  Moderate | GHSA-86cj-95qr-2p4f was published for picklescan (pip) Aug 22, 2025

Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
  Moderate | GHSA-4r9r-ch6f-vxmx was published for picklescan (pip) Aug 22, 2025

A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function...
  Moderate | Unreviewed | CVE-2025-8978 was published Aug 14, 2025

A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the...
  Moderate | Unreviewed | CVE-2025-8979 was published Aug 14, 2025

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the...
  Moderate | Unreviewed | CVE-2025-8980 was published Aug 14, 2025

In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing...
  High | Unreviewed | CVE-2025-6504 was published Jul 29, 2025

Ollama vulnerable to Cross-Domain Token Exposure
  Moderate | CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025

Thunderbird ignored paths when checking the validity of navigations in a frame. This...
  Critical | Unreviewed | CVE-2025-8038 was published Jul 22, 2025

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of...
  High | Unreviewed | CVE-2025-30192 was published Jul 21, 2025

A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41....
  Moderate | Unreviewed | CVE-2025-7884 was published Jul 20, 2025

@clerk/backend Performs Insufficient Verification of Data Authenticity
  High | CVE-2025-53548 was published for @clerk/astro (npm) Jul 9, 2025

A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162....
  High | Unreviewed | CVE-2025-7096 was published Jul 7, 2025

Pioneer DMH-WT7600NEX Software Update Signing Insufficient Verification of Data Authenticity...
  Moderate | Unreviewed | CVE-2025-5832 was published Jun 26, 2025

Pioneer DMH-WT7600NEX Root Filesystem Insufficient Verification of Data Authenticity...
  Moderate | Unreviewed | CVE-2025-5833 was published Jun 26, 2025

ProTip! Advisories are also available from the GraphQL API