Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows... High Unreviewed
CVE-2025-24338 was published Apr 30, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution High
CVE-2025-46347 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0... High Unreviewed
CVE-2024-12368 was published Feb 25, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3... High Unreviewed
CVE-2024-46547 was published Dec 9, 2024
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper... High Unreviewed
CVE-2018-9433 was published Nov 20, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow... High Unreviewed
CVE-2024-47549 was published Oct 25, 2024
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. High Unreviewed
CVE-2024-9348 was published Oct 16, 2024
Account users in Apache CloudStack by default are allowed to upload and register templates for... High Unreviewed
CVE-2024-45219 was published Oct 16, 2024
An unauthenticated local attacker can gain admin privileges by deploying a config file due to... High Unreviewed
CVE-2024-45271 was published Oct 15, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
Windows App Installer Spoofing Vulnerability High Unreviewed
CVE-2024-38177 was published Aug 13, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via... High Unreviewed
CVE-2024-27629 was published Jun 29, 2024
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server... High Unreviewed
CVE-2024-4177 was published Jun 6, 2024
Gradio allows credential leakage on Windows High
CVE-2024-34510 was published for gradio (pip) May 5, 2024
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a... High Unreviewed
CVE-2024-1064 was published Feb 3, 2024
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a... High Unreviewed
CVE-2023-28738 was published Jan 19, 2024
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this... High Unreviewed
CVE-2023-52102 was published Jan 16, 2024
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this... High Unreviewed
CVE-2023-52098 was published Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database