Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,605
Maven
5,000+
npm
4,250
NuGet
756
pip
4,016
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

113,196 advisories

Loading
Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA... High Unreviewed
CVE-2025-62260 was published Oct 28, 2025
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP... High Unreviewed
CVE-2025-62258 was published Oct 28, 2025
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege... High Unreviewed
CVE-2025-36007 was published Oct 27, 2025
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function... High Unreviewed
CVE-2025-12322 was published Oct 27, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations High
CVE-2025-62725 was published for github.com/docker/compose/v2 (Go) Oct 27, 2025
masasron
Credited to masasron
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a... High Unreviewed
CVE-2025-55752 was published Oct 27, 2025
pg8000 SQL injection vulnerability via a specially crafted Python list input High
CVE-2025-61385 was published for pg8000 (pip) Oct 27, 2025
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to... High Unreviewed
CVE-2025-27222 was published Oct 27, 2025
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp... High Unreviewed
CVE-2025-27225 was published Oct 27, 2025
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF)... High Unreviewed
CVE-2025-34133 was published Oct 27, 2025
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the... High Unreviewed
CVE-2025-60425 was published Oct 27, 2025
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password... High Unreviewed
CVE-2025-61247 was published Oct 27, 2025
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2... High Unreviewed
CVE-2025-60424 was published Oct 27, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 daniel-weisse
msanft katexochen
Credited to tjade273, daniel-weisse, msanft, and katexochen
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on... High Unreviewed
CVE-2025-61482 was published Oct 27, 2025
StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which... High Unreviewed
CVE-2025-52268 was published Oct 27, 2025
Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with... High Unreviewed
CVE-2025-41068 was published Oct 27, 2025
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file... High Unreviewed
CVE-2025-12286 was published Oct 27, 2025
Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with... High Unreviewed
CVE-2025-41067 was published Oct 27, 2025
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The... High Unreviewed
CVE-2025-9164 was published Oct 27, 2025
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows... High Unreviewed
CVE-2025-52263 was published Oct 27, 2025
A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability... High Unreviewed
CVE-2025-12274 was published Oct 27, 2025
A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function... High Unreviewed
CVE-2025-12273 was published Oct 27, 2025
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6.... High Unreviewed
CVE-2025-11955 was published Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database