GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,890
Erlang: 37
GitHub Actions: 38
Go: 2,547
Maven: 5,000+
npm: 4,217
NuGet: 745
pip: 3,994
Pub: 12
RubyGems: 952
Rust: 1,038
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
112,486 advisories
Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
High. CVE-2025-61919 was published for rack (RubyGems) Oct 10, 2025
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High. CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) Oct 10, 2025
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject...
High, Unreviewed. CVE-2025-60378 was published Oct 10, 2025
Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized...
High, Unreviewed. CVE-2025-60869 was published Oct 10, 2025
An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0...
High, Unreviewed. CVE-2025-61862 was published Oct 10, 2025
An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V...
High, Unreviewed. CVE-2025-61857 was published Oct 10, 2025
An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and...
High, Unreviewed. CVE-2025-61861 was published Oct 10, 2025
A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier....
High, Unreviewed. CVE-2025-61864 was published Oct 10, 2025
An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0...
High, Unreviewed. CVE-2025-61860 was published Oct 10, 2025
An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6...
High, Unreviewed. CVE-2025-61859 was published Oct 10, 2025
An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0...
High, Unreviewed. CVE-2025-61863 was published Oct 10, 2025
An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and...
High, Unreviewed. CVE-2025-61858 was published Oct 10, 2025
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
High, Unreviewed. CVE-2025-52650 was published Oct 10, 2025
A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of...
High, Unreviewed. CVE-2025-61856 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site...
High, Unreviewed. CVE-2025-25017 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross...
High, Unreviewed. CVE-2025-25018 was published Oct 10, 2025
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to...
High, Unreviewed. CVE-2025-21064 was published Oct 10, 2025
Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to...
High, Unreviewed. CVE-2025-21050 was published Oct 10, 2025
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows...
High, Unreviewed. CVE-2025-21062 was published Oct 10, 2025
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android...
High, Unreviewed. CVE-2025-21058 was published Oct 10, 2025
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local...
High, Unreviewed. CVE-2025-21061 was published Oct 10, 2025
NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file...
High, Unreviewed. CVE-2025-61871 was published Oct 10, 2025
All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage...
High, Unreviewed. CVE-2025-11569 was published Oct 10, 2025
Amazon.IonDotnet is vulnerable to Denial of Service attacks
High. CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025
Redis Enterprise Elevation of Privilege Vulnerability
High, Unreviewed. CVE-2025-59271 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API.