GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could...
Moderate | Unreviewed | CVE-2025-32317 was published on Sep 5, 2025

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access...
Moderate | Unreviewed | CVE-2025-48545 was published on Sep 4, 2025

In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data...
Moderate | Unreviewed | CVE-2025-48529 was published on Sep 4, 2025

In multiple locations, there is a possible leak of an image across the Android User isolation...
Moderate | Unreviewed | CVE-2025-48551 was published on Sep 4, 2025

In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a...
Moderate | Unreviewed | CVE-2025-48560 was published on Sep 4, 2025

kro Confused Deputy vulnerability
Moderate | CVE-2025-48710 was published for github.com/kro-run/kro (Go) on Jun 4, 2025

Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series...
Moderate | Unreviewed | CVE-2025-25061 was published on Apr 4, 2025

An external service interaction vulnerability in GitLab EE affecting all versions from 15.11...
Moderate | Unreviewed | CVE-2024-9870 was published on Feb 12, 2025

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate | CVE-2024-34068 was published for github.com/pterodactyl/wings (Go) on May 3, 2024

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users...
Moderate | Unreviewed | CVE-2024-0387 was published on Feb 26, 2024

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to...
Moderate | Unreviewed | CVE-2023-21082 was published on Apr 19, 2023

Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
Moderate | CVE-2018-1999038 was published for org.jenkins-ci.plugins:publish-over-cifs (Maven) on May 14, 2022

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0...
Moderate | Unreviewed | CVE-2018-16598 was published on May 14, 2022

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to...
Moderate | Unreviewed | CVE-2018-12182 was published on May 14, 2022

Confused Deputy in Kubernetes
Moderate | CVE-2020-8561 was published for k8s.io/kubernetes (Go) on Sep 21, 2021

Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate | GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) on Jun 23, 2021

Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Moderate | CVE-2020-5412 was published for org.springframework.cloud:spring-cloud-netflix (Maven) on Apr 30, 2021

ProTip! Advisories are also available from the GraphQL API.