GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
49 advisories
@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects
Moderate. CVE-2026-48022 was published for @hapi/wreck (npm) Jun 11, 2026.
Netty's Default QUIC token handler accepts any client-supplied token
High. CVE-2026-44894 was published for io.netty:netty-codec-classes-quic (Maven) Jun 8, 2026.
Electerm Local code through electerm's single-instance socket
Critical. CVE-2026-45353 was published for electerm (npm) May 14, 2026.
AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the Site’s Legitimate From Address
Moderate. CVE-2026-43880 was published for wwbn/avideo (Composer) May 5, 2026.
Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25...
Moderate, Unreviewed. CVE-2026-23866 was published May 1, 2026.
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP ...
High, Unreviewed. CVE-2026-40434 was published Apr 17, 2026.
OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface
High. CVE-2026-35643 was published for openclaw (npm) Mar 26, 2026.
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to...
High, Unreviewed. CVE-2019-25613 was published Mar 22, 2026.
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the...
Moderate, Unreviewed. CVE-2026-2967 was published Feb 23, 2026.
Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of...
Moderate, Unreviewed. CVE-2026-22269 was published Feb 19, 2026.
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940]...
Moderate, Unreviewed. CVE-2025-62439 was published Feb 10, 2026.
Affected products do not properly enforce TCP sequence number validation in specific scenarios...
High, Unreviewed. CVE-2025-40820 was published Dec 9, 2025.
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an...
Moderate, Unreviewed. CVE-2025-13086 was published Dec 3, 2025.
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly...
Critical, Unreviewed. CVE-2025-61932 was published Oct 20, 2025.
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18...
Moderate, Unreviewed. CVE-2025-43280 was published Oct 15, 2025.
SillyTavern Web Interface Vulnerable to DNS Rebinding
Critical. CVE-2025-59159 was published for sillytavern (npm) Oct 6, 2025.
A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point...
Moderate, Unreviewed. CVE-2025-20365 was published Sep 24, 2025.
Some payload elements of the messages sent between two stations in a networking architecture are...
High, Unreviewed. CVE-2025-9999 was published Sep 5, 2025.
The widely used component that establishes outbound TLS connections in SAP NetWeaver Application...
Low, Unreviewed. CVE-2025-42978 was published Jul 8, 2025.
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
High. CVE-2025-25305 was published for homeassistant (pip) Feb 18, 2025.
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can...
High, Unreviewed. CVE-2025-23222 was published Jan 24, 2025.
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited...
Moderate, Unreviewed. CVE-2024-7322 was published Jan 15, 2025.
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification...
Moderate, Unreviewed. CVE-2025-23018 was published Jan 14, 2025.
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed...
Moderate, Unreviewed. CVE-2025-23019 was published Jan 14, 2025.
An improper verification of source of a communication channel vulnerability [CWE-940] in...
Low, Unreviewed. CVE-2024-36506 was published Jan 14, 2025.