GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
53 advisories
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a...
High
Unreviewed
CVE-2023-31313
was published
Feb 12, 2026
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
High
CVE-2026-24470
was published
for
github.com/zalando/skipper
(Go)
Jan 26, 2026
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions
High
GHSA-3v2x-9xcv-2v2v
was published
for
surrealdb
(Rust)
Jan 22, 2026
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This...
Critical
Unreviewed
CVE-2025-64125
was published
Jan 3, 2026
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This...
Critical
Unreviewed
CVE-2025-64123
was published
Jan 3, 2026
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
Moderate
CVE-2025-68944
was published
for
code.gitea.io/gitea
(Go)
Dec 26, 2025
Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access
High
CVE-2025-11393
was published
for
github.com/RedHatInsights/runtimes-inventory-operator
(Go)
Dec 15, 2025
In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused...
Moderate
Unreviewed
CVE-2025-36889
was published
Dec 11, 2025
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image...
High
Unreviewed
CVE-2025-48628
was published
Dec 8, 2025
In multiple locations, there is a possible way to alter the primary user's face unlock settings...
Moderate
Unreviewed
CVE-2025-48598
was published
Dec 8, 2025
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from...
High
Unreviewed
CVE-2025-48586
was published
Dec 8, 2025
In multiple locations, there is a possible way to leak audio files across user profiles due to a...
High
Unreviewed
CVE-2025-22420
was published
Dec 8, 2025
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for...
High
Unreviewed
CVE-2025-48536
was published
Dec 8, 2025
In multiple functions of NotificationStation.java, there is a possible cross-profile information...
High
Unreviewed
CVE-2025-48555
was published
Dec 8, 2025
fastify-reply-from affected by bypass of reply forwarding
Moderate
CVE-2025-66415
was published
for
@fastify/reply-from
(npm)
Dec 2, 2025
Rack has a Possible Information Disclosure Vulnerability
Moderate
CVE-2025-61780
was published
for
rack
(RubyGems)
Oct 10, 2025
marimo vulnerable to proxy abuse of /mpl/{port}/
Moderate
GHSA-xjv7-6w92-42r7
was published
for
marimo
(pip)
Oct 1, 2025
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could...
Moderate
Unreviewed
CVE-2025-32317
was published
Sep 5, 2025
In System UI, there is a possible way to view other users' images due to a confused deputy. This...
High
Unreviewed
CVE-2025-32320
was published
Sep 5, 2025
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots...
High
Unreviewed
CVE-2025-26452
was published
Sep 5, 2025
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a...
Moderate
Unreviewed
CVE-2025-48560
was published
Sep 4, 2025
In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data...
Moderate
Unreviewed
CVE-2025-48529
was published
Sep 4, 2025
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access...
Moderate
Unreviewed
CVE-2025-48545
was published
Sep 4, 2025
In multiple locations, there is a possible leak of an image across the Android User isolation...
Moderate
Unreviewed
CVE-2025-48551
was published
Sep 4, 2025
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the...
High
Unreviewed
CVE-2025-48532
was published
Sep 4, 2025