Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

594 advisories

Loading
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
A minor information leak when running Screen with setuid-root privileges allosw unprivileged... Low Unreviewed
CVE-2025-46804 was published May 26, 2025
CWE-203: Observable Discrepancy Moderate Unreviewed
CVE-2025-23182 was published May 22, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid... Moderate Unreviewed
CVE-2021-47664 was published Apr 24, 2025
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an... Moderate Unreviewed
CVE-2024-11084 was published Apr 15, 2025
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered... Moderate Unreviewed
CVE-2025-0361 was published Apr 8, 2025
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive... Moderate Unreviewed
CVE-2024-51477 was published Mar 29, 2025
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow... High Unreviewed
CVE-2024-13939 was published Mar 28, 2025
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/... Moderate Unreviewed
CVE-2025-30344 was published Mar 21, 2025
An unauthenticated remote attacker can gain access to sensitive information including... High Unreviewed
CVE-2025-1468 was published Mar 18, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain... Low Unreviewed
CVE-2024-41760 was published Mar 11, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27667 was published Mar 5, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... High Unreviewed
CVE-2024-41335 was published Feb 27, 2025
The login functionality of the web server in affected devices does not normalize the response... Moderate Unreviewed
CVE-2023-37482 was published Feb 11, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition... Moderate Unreviewed
CVE-2024-45089 was published Jan 31, 2025
A specific authentication strategy allows to learn ids of PAM users associated with certain... Moderate Unreviewed
CVE-2025-24506 was published Jan 30, 2025
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an... Moderate Unreviewed
CVE-2023-37413 was published Jan 29, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Critical Unreviewed
CVE-2025-24146 was published Jan 28, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2023-47159 was published Jan 27, 2025
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-35114 was published Jan 25, 2025
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to... High Unreviewed
CVE-2024-49734 was published Jan 22, 2025
In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an... Moderate Unreviewed
CVE-2024-49733 was published Jan 22, 2025
In multiple locations, there is a possible way to obtain any system permission due to a logic... High Unreviewed
CVE-2024-43095 was published Jan 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database