Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre... Moderate Unreviewed
CVE-2025-35981 was published Oct 23, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global... Moderate Unreviewed
CVE-2025-62644 was published Oct 17, 2025
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in... Moderate Unreviewed
CVE-2025-53950 was published Oct 16, 2025
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire... Low Unreviewed
CVE-2025-5009 was published Oct 8, 2025
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing... Moderate Unreviewed
CVE-2025-10859 was published Sep 30, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Low Unreviewed
CVE-2025-43357 was published Sep 16, 2025
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43310 was published Sep 16, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Moderate Unreviewed
CVE-2025-43279 was published Sep 16, 2025
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Low Unreviewed
CVE-2025-43301 was published Sep 16, 2025
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user... Moderate Unreviewed
CVE-2025-41685 was published Aug 19, 2025
Exposure of private personal information to an unauthorized actor in Azure Stack allows an... Moderate Unreviewed
CVE-2025-53765 was published Aug 12, 2025
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Moderate Unreviewed
CVE-2025-43259 was published Jul 30, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and... High Unreviewed
CVE-2025-43227 was published Jul 30, 2025
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18... Moderate Unreviewed
CVE-2025-43217 was published Jul 30, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and... Moderate Unreviewed
CVE-2025-31276 was published Jul 30, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
Credited to Markus-Rost and Universal-Omega
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2... Moderate Unreviewed
CVE-2025-6017 was published Jul 2, 2025
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack... High Unreviewed
CVE-2025-49715 was published Jun 20, 2025
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Credited to amCap1712 and nijel
Exposure of private personal information to an unauthorized actor in the user vaults component of... High Unreviewed
CVE-2025-5334 was published May 29, 2025
Sensitive device logger information in ASPECT may be exposed if administrator credentials become... Moderate Unreviewed
CVE-2024-13953 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17... Moderate Unreviewed
CVE-2025-0679 was published May 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database