GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,743
Erlang: 35
GitHub Actions: 29
Go: 2,318
Maven: 5,000+
npm: 3,950
NuGet: 711
pip: 3,729
Pub: 12
RubyGems: 920
Rust: 965
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
131,255 advisories
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored...
Moderate | Unreviewed | CVE-2025-22388 was published Jan 4, 2025
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization...
Moderate | Unreviewed | CVE-2024-55897 was published Jan 4, 2025
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content...
Moderate | Unreviewed | CVE-2024-55896 was published Jan 4, 2025
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server...
Moderate | Unreviewed | CVE-2024-12237 was published Jan 4, 2025
A vulnerability, which was classified as critical, was found in code-projects Point of Sales and...
Moderate | Unreviewed | CVE-2025-0199 was published Jan 4, 2025
A vulnerability, which was classified as critical, has been found in code-projects Point of Sales...
Moderate | Unreviewed | CVE-2025-0198 was published Jan 3, 2025
A vulnerability classified as critical was found in code-projects Point of Sales and Inventory...
Moderate | Unreviewed | CVE-2025-0197 was published Jan 3, 2025
A vulnerability classified as critical has been found in code-projects Point of Sales and...
Moderate | Unreviewed | CVE-2025-0196 was published Jan 3, 2025
Next.js Allows a Denial of Service (DoS) with Server Actions
Moderate | CVE-2024-56332 was published for next (npm) Jan 3, 2025
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an...
Moderate | Unreviewed | CVE-2024-36613 was published Jan 3, 2025
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It...
Moderate | Unreviewed | CVE-2025-0195 was published Jan 3, 2025
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
Moderate | CVE-2024-56412 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Moderate | CVE-2024-56411 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties
Moderate | CVE-2024-56410 was published for phpoffice/phpexcel (Composer) Jan 3, 2025
Trix allows Cross-site Scripting via `javascript:` url in a link
Moderate | CVE-2025-21610 was published for trix (npm) Jan 3, 2025
Karmada Tar Slips in CRDs archive extraction
Moderate | CVE-2024-56514 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2024-5591 was published Jan 3, 2025
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain...
Moderate | Unreviewed | CVE-2024-41780 was published Jan 3, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
Moderate | Unreviewed | CVE-2024-12132 was published Jan 3, 2025
In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a...
Moderate | Unreviewed | CVE-2024-53836 was published Jan 3, 2025
In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a...
Moderate | Unreviewed | CVE-2024-53839 was published Jan 3, 2025
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It...
Moderate | Unreviewed | CVE-2025-0176 was published Jan 3, 2025
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It...
Moderate | Unreviewed | CVE-2025-0174 was published Jan 3, 2025
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic....
Moderate | Unreviewed | CVE-2025-0175 was published Jan 3, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Moderate | CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
ProTip! Advisories are also available from the GraphQL API.