Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12,000 advisories

Loading
O2 UK through 2025-05-17 allows subscribers to determine the Cell ID of other subscribers by... Low Unreviewed
CVE-2025-48219 was published May 18, 2025
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with... Low Unreviewed
CVE-2025-41429 was published May 19, 2025
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as... Low Unreviewed
CVE-2025-4839 was published May 18, 2025
Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an... Low Unreviewed
CVE-2025-4819 was published May 17, 2025
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data... Low Unreviewed
CVE-2025-48188 was published May 16, 2025
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability.... Low Unreviewed
CVE-2023-42079 was published May 3, 2024
PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability.... Low Unreviewed
CVE-2023-42056 was published May 3, 2024
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability.... Low Unreviewed
CVE-2023-42048 was published May 3, 2024
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability.... Low Unreviewed
CVE-2023-42046 was published May 3, 2024
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated... Low Unreviewed
CVE-2024-42178 was published Apr 18, 2025
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user... Low Unreviewed
CVE-2024-42174 was published Jan 11, 2025
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability... Low Unreviewed
CVE-2025-40632 was published May 16, 2025
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By... Low Unreviewed
CVE-2025-40631 was published May 16, 2025
undici Denial of Service attack via bad certificate data Low
CVE-2025-47279 was published for undici (npm) May 15, 2025
styfle mcollina
The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape... Low Unreviewed
CVE-2024-10554 was published Mar 25, 2025
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and... Low Unreviewed
CVE-2024-10545 was published Feb 25, 2025
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives Low Unreviewed
CVE-2024-24940 was published Feb 6, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when... Low Unreviewed
CVE-2024-5030 was published Nov 18, 2024
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-10710 was published Nov 25, 2024
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating... Low Unreviewed
CVE-2024-3629 was published May 15, 2024
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in... Low Unreviewed
CVE-2024-23217 was published Jan 23, 2024
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its... Low Unreviewed
CVE-2024-2220 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database