Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and... High Unreviewed
CVE-2025-43227 was published Jul 30, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
Credited to Markus-Rost and Universal-Omega
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack... High Unreviewed
CVE-2025-49715 was published Jun 20, 2025
Exposure of private personal information to an unauthorized actor in the user vaults component of... High Unreviewed
CVE-2025-5334 was published May 29, 2025
An information disclosure vulnerability exists in the latest version of transformeroptimus... High Unreviewed
CVE-2024-10267 was published Mar 20, 2025
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an... High Unreviewed
CVE-2024-11216 was published Mar 5, 2025
An attacker could expose cross-user personal identifiable information (PII) and personal health... High Unreviewed
CVE-2025-20060 was published Feb 28, 2025
In its default configuration, the affected product transmits plain-text patient data to a hard... High Unreviewed
CVE-2025-0683 was published Jan 30, 2025
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
Credited to gionn and olblak
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could... High Unreviewed
CVE-2024-42494 was published Dec 6, 2024
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to... High Unreviewed
CVE-2024-11206 was published Nov 14, 2024
This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain... High Unreviewed
CVE-2024-47087 was published Sep 19, 2024
This vulnerability exists in LD DP Back Office due to improper validation of certain parameters ... High Unreviewed
CVE-2024-47085 was published Sep 19, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive... High Unreviewed
CVE-2024-45787 was published Sep 11, 2024
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime... High Unreviewed
CVE-2024-30321 was published Jul 9, 2024
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a... High Unreviewed
CVE-2024-36682 was published Jun 25, 2024
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a... High Unreviewed
CVE-2024-36677 was published Jun 19, 2024
An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2023-50053 was published Apr 30, 2024
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive... High Unreviewed
CVE-2024-33271 was published Apr 29, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability High Unreviewed
CVE-2024-26192 was published Feb 24, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Botanik Software... High Unreviewed
CVE-2023-5983 was published Nov 22, 2023
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Credited to TrueSkrillor and lambdafu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database