GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,746
Erlang: 35
GitHub Actions: 29
Go: 2,319
Maven: 5,000+
npm: 3,955
NuGet: 712
pip: 3,736
Pub: 12
RubyGems: 920
Rust: 972
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

280,576 advisories

Kyverno ignores subjectRegExp and IssuerRegExp
Moderate, CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) on Mar 24, 2025

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
Low, CVE-2025-30162 was published for github.com/cilium/cilium (Go) on Mar 24, 2025

Spring Security Vulnerable to Authorization Bypass via Security Annotations
Moderate, CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) on Mar 24, 2025

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute...
High, Unreviewed, CVE-2025-0255 was published on Mar 24, 2025

On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the...
High, Unreviewed, CVE-2025-30112 was published on Mar 24, 2025

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the...
Moderate, Unreviewed, CVE-2025-2705 was published on Mar 24, 2025

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn...
Unknown, Unreviewed, CVE-2025-29294 was published on Mar 24, 2025

A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox...
Moderate, Unreviewed, CVE-2021-26105 was published on Mar 24, 2025

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email...
Moderate, Unreviewed, CVE-2024-9103 was published on Mar 24, 2025

HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information...
Moderate, Unreviewed, CVE-2025-0256 was published on Mar 24, 2025

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of...
Critical, Unreviewed, CVE-2023-25610 was published on Mar 24, 2025

A use of a cryptographically weak pseudo-random number generator vulnerability in the...
High, Unreviewed, CVE-2021-26091 was published on Mar 24, 2025

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free...
Moderate, Unreviewed, CVE-2025-1517 was published on Mar 24, 2025

API Platform Core does not call GraphQl securityAfterResolver
Moderate, CVE-2025-23204 was published for api-platform/core (Composer) on Mar 24, 2025

pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints
Moderate, GHSA-vgmh-mqm4-8j88 was published for pared (Rust) on Mar 24, 2025

AWS CDK CodePipeline: trusted entities are too broad
Low, GHSA-5pq3-h73f-66hr was published for aws-cdk-lib (npm) on Mar 24, 2025

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering...
Moderate, Unreviewed, CVE-2025-1558 was published on Mar 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed, CVE-2025-30599 was published on Mar 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed, CVE-2025-30600 was published on Mar 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed, CVE-2025-30602 was published on Mar 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue...
High, Unreviewed, CVE-2025-30603 was published on Mar 24, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High, Unreviewed, CVE-2025-30604 was published on Mar 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed, CVE-2025-30606 was published on Mar 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS...
High, Unreviewed, CVE-2025-30608 was published on Mar 24, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts –...
Moderate, Unreviewed, CVE-2025-30609 was published on Mar 24, 2025

ProTip! Advisories are also available from the GraphQL API.