Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

125 advisories

Loading
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
Credited to ChALkeR and jprichardson
In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to... Moderate Unreviewed
CVE-2024-49875 was published Oct 21, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16... Moderate Unreviewed
CVE-2024-49406 was published Nov 6, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin High
CVE-2024-52550 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Nov 13, 2024
An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute... High Unreviewed
CVE-2024-51141 was published Nov 15, 2024
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying... Moderate Unreviewed
CVE-2024-56169 was published Dec 18, 2024
There is an insufficient integrity vulnerability in Huawei products. A module does not perform... Moderate Unreviewed
CVE-2020-9210 was published Dec 27, 2024
Lodestar snappy checksum issue Low
GHSA-m9c9-mc2h-9wjw was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7
Credited to gln7
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A... Critical Unreviewed
CVE-2023-50738 was published Jan 17, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
Credited to kexinoh and russellb
Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect ... Moderate Unreviewed
CVE-2024-47935 was published Feb 17, 2025
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2... Moderate Unreviewed
CVE-2024-47573 was published Mar 14, 2025
This issue was addressed with improved handling of executable types. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24148 was published Apr 1, 2025
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and... Moderate Unreviewed
CVE-2025-3247 was published Apr 16, 2025
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is... Moderate Unreviewed
CVE-2025-3479 was published Apr 17, 2025
An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for... Moderate Unreviewed
CVE-2025-4418 was published Jun 12, 2025
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8... High Unreviewed
CVE-2025-39203 was published Jun 24, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
Credited to Just-Hack-For-Fun
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162.... High Unreviewed
CVE-2025-7096 was published Jul 7, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
Credited to Sideni
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious... High Unreviewed
CVE-2024-7402 was published Aug 14, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234
Credited to Marcono1234
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma®... Low Unreviewed
CVE-2025-4616 was published Nov 14, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause... Moderate Unreviewed
CVE-2025-33193 was published Nov 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database