A year of open source vulnerability trends: CVEs, advisories, and malware

GitHub published 4,101 reviewed advisories in 2025. This is the fewest number of reviewed advisories since 2021. Does this mean open source is shipping more secure code? Let's dig into the data to find out. GitHub reviewed advisories Fewer advisories reviewed doesn't mean fewer vulnerabilities we...

Ubuntu: Security Advisory (USN-8033-5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

Fedora: Security Advisory (FEDORA-2026-126cd91d11)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-8663c5f961)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:0297-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...

Slackware: Security Advisory (SSA:2026-007-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2025)

This host is missing a critical security update according to Microsoft Office Click-to-Run update December 2025. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Fedora: Security Advisory (FEDORA-2025-cbd9bd51dd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

TencentOS Server 3: thunderbird (TSSA-2025:0790)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0790 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Mozilla Firefox Security Advisory (MFSA2025-81) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2025-81. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Debian: Security Advisory (DLA-4327-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 9 : pam (RLSA-2025:15099)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15099 advisory. linux-pam: Linux-pam directory Traversal CVE-2025-6020 linux-pam: Incomplete fix for CVE-2025-6020 CVE-2025-8941 Tenable has extracted the preceding...

AlmaLinux 8 : postgresql:13 (ALSA-2025:15021)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15021 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation CVE-2025-871...

Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review

It's the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft's August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here's a quick breakdown of what you need to know. Microsof...

Security Updates for Microsoft Office Products (August 2025)

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities. - A Remote Code Execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53731, CVE-2025-53740 Note th...

CVE-2025-49601

creationtimestamp| type| source ---|---|--- 2025-08-06 13:54:19+00:00| seen| MISP/1413a78e-c0b3-4092-97e7-909fb9773448 2025-08-14 11:44:20+00:00| seen| MISP/1413a78e-c0b3-4092-97e7-909fb9773448...

CVE-2025-34147

creationtimestamp| type| source ---|---|--- 2025-08-04 20:24:13+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3lvlzm2lq2c2c 2025-08-04 21:43:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvm5ztoqt72s 2025-08-05 00:01:31+00:00| seen|...

Apple MacOSX Security Update (HT124151)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...