Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern... Moderate Unreviewed
CVE-2025-47149 was published May 23, 2025
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data... Moderate Unreviewed
CVE-2025-1245 was published May 16, 2025
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN... High Unreviewed
CVE-2025-47424 was published May 10, 2025
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes... Moderate Unreviewed
CVE-2025-43918 was published Apr 20, 2025
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and... Low Unreviewed
CVE-2025-27913 was published Mar 10, 2025
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4... Moderate Unreviewed
CVE-2024-54840 was published Feb 3, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or... Low Unreviewed
CVE-2024-10977 was published Nov 14, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address... Moderate Unreviewed
CVE-2022-4534 was published Oct 8, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address... Moderate Unreviewed
CVE-2022-4529 was published Sep 5, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions... Moderate Unreviewed
CVE-2022-4536 was published Aug 31, 2024
Serilog Client IP Spoofing vulnerability Moderate
CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet) Aug 29, 2024
vbakke
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address... Moderate Unreviewed
CVE-2022-4532 was published Aug 17, 2024
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue... Low Unreviewed
CVE-2022-44593 was published Jun 21, 2024
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0... High Unreviewed
CVE-2024-23105 was published May 14, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source... High Unreviewed
CVE-2024-27773 was published Mar 18, 2024
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper... High Unreviewed
CVE-2023-35906 was published Sep 5, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing... Moderate Unreviewed
CVE-2022-4537 was published Jul 6, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up... Moderate Unreviewed
CVE-2023-2897 was published Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database