Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

265 advisories

Loading
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
An unauthenticated local attacker can gain admin privileges by deploying a config file due to... High Unreviewed
CVE-2024-45271 was published Oct 15, 2024
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal taxone
Duplicate Advisory: Multiple issues involving quote API in shlex Low
GHSA-286m-6pg9-v42v was published for shlex (Rust) Jul 28, 2025 withdrawn
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
MarkLee131
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33... Moderate Unreviewed
CVE-2024-40088 was published Oct 21, 2024
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Critical Unreviewed
CVE-2025-32074 was published Apr 11, 2025
Account users in Apache CloudStack by default are allowed to upload and register templates for... High Unreviewed
CVE-2024-45219 was published Oct 16, 2024
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with... High Unreviewed
CVE-2024-38473 was published Jul 1, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly... Moderate Unreviewed
CVE-2024-0233 was published Jan 16, 2024
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not... Moderate Unreviewed
CVE-2023-6005 was published Jan 16, 2024
Gradio allows credential leakage on Windows High
CVE-2024-34510 was published for gradio (pip) May 5, 2024
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed
CVE-2021-25262 was published May 21, 2025
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Moderate Unreviewed
CVE-2024-4420 was published May 21, 2024
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can... High Unreviewed
CVE-2022-41322 was published Sep 25, 2022
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed
CVE-2024-56524 was published May 12, 2025
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed
CVE-2022-25235 was published Feb 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database