GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
11,508 advisories
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-1100 was published May 24, 2022

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-0933 was published May 24, 2022

During an address list folding when a separating comma ends up on a folded line and that line is...
Low | Unreviewed | CVE-2025-1795 was published Feb 28, 2025

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Low | Unreviewed | CVE-2023-38158 was published Aug 21, 2023

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-1320 was published May 24, 2022

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-1183 was published May 24, 2022

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-0923 was published May 24, 2022

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not...
Low | Unreviewed | CVE-2020-0894 was published May 24, 2022

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject...
Low | Unreviewed | CVE-2025-22272 was published Feb 28, 2025

It is possible to inject HTML code into the page content using the "content" field in the ...
Low | Unreviewed | CVE-2025-22274 was published Feb 28, 2025

Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low | CVE-2025-24432 was published for magento/community-edition (Composer) Feb 11, 2025

Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Low | CVE-2025-24430 was published for magento/community-edition (Composer) Feb 11, 2025

Magento Improper Access Control vulnerability
Low | CVE-2025-24429 was published for magento/community-edition (Composer) Feb 11, 2025

An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4...
Low | Unreviewed | CVE-2025-0914 was published Feb 27, 2025

MongoDB Shell may be susceptible to control character Injection via shell output
Low | CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56494 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56493 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56495 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56496 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56810 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56811 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed...
Low | Unreviewed | CVE-2024-56812 was published Feb 27, 2025

IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due...
Low | Unreviewed | CVE-2025-0759 was published Feb 27, 2025

langchain Server-Side Request Forgery vulnerability
Low | CVE-2024-0243 was published for langchain (pip) Feb 26, 2024

copyparty renders unsanitized filenames as HTML when user uploads empty files
Low | CVE-2025-27145 was published for copyparty (pip) Feb 26, 2025
ProTip! Advisories are also available from the GraphQL API.