GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 4,411
Erlang: 33
GitHub Actions: 22
Go: 2,146
Maven: 5,000+
npm: 3,808
NuGet: 687
pip: 3,481
Pub: 12
RubyGems: 897
Rust: 899
Swift: 38
Unreviewed advisories (all unreviewed: 5,000+)

104,063 advisories
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass...
High | Unreviewed | CVE-2025-23119 was published Mar 1, 2025

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is...
High | Unreviewed | CVE-2024-1509 was published Mar 1, 2025

Formwork improperly validates input of User role preventing site and panel availability
High | GHSA-c85w-x26q-ch87 was published for getformwork/formwork (Composer) Mar 1, 2025

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2...
High | Unreviewed | CVE-2025-0160 was published Feb 28, 2025

Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
High | CVE-2025-1686 was published for io.pebbletemplates:pebble (Maven) Feb 28, 2025

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data...
High | Unreviewed | CVE-2025-24849 was published Feb 28, 2025

An attacker could expose cross-user personal identifiable information (PII) and personal health...
High | Unreviewed | CVE-2025-20060 was published Feb 28, 2025

The Dario Health portal service application is vulnerable to XSS, which could allow an attacker...
High | Unreviewed | CVE-2025-20049 was published Feb 28, 2025

An attacker with access to the Administration panel, specifically the "Role Management" tab, can...
High | Unreviewed | CVE-2025-22270 was published Feb 28, 2025

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification...
High | Unreviewed | CVE-2024-9195 was published Feb 28, 2025

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for...
High | Unreviewed | CVE-2025-1570 was published Feb 28, 2025

The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all...
High | Unreviewed | CVE-2024-13831 was published Feb 28, 2025

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote,...
High | Unreviewed | CVE-2025-1513 was published Feb 28, 2025

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute...
High | Unreviewed | CVE-2025-0975 was published Feb 28, 2025

Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
High | CVE-2025-27154 was published for spotipy (pip) Feb 28, 2025

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and...
High | Unreviewed | CVE-2024-12811 was published Feb 28, 2025

The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,...
High | Unreviewed | CVE-2025-1687 was published Feb 28, 2025

The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and...
High | Unreviewed | CVE-2025-1682 was published Feb 28, 2025

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS...
High | Unreviewed | CVE-2025-25477 was published Feb 28, 2025

An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001...
High | Unreviewed | CVE-2025-25729 was published Feb 28, 2025

GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE)...
High | Unreviewed | CVE-2025-26264 was published Feb 28, 2025

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which...
High | Unreviewed | CVE-2024-38291 was published Feb 28, 2025

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200...
High | Unreviewed | CVE-2024-41338 was published Feb 27, 2025

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8,...
High | Unreviewed | CVE-2024-41340 was published Feb 27, 2025

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860...
High | Unreviewed | CVE-2024-41336 was published Feb 27, 2025

ProTip! Advisories are also available from the GraphQL API.