Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

266 advisories

Loading
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Moderate Unreviewed
CVE-2025-32078 was published Apr 11, 2025
SVG's <code>&lt;use&gt;</code> element could have been used to load unexpected content that could... High Unreviewed
CVE-2022-28284 was published Dec 22, 2022
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability... Moderate Unreviewed
CVE-2022-43543 was published Dec 21, 2022
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped... High Unreviewed
CVE-2022-22744 was published Dec 22, 2022
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special... High Unreviewed
CVE-2016-3063 was published May 17, 2022
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches,... Moderate Unreviewed
CVE-2017-12340 was published May 13, 2022
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding... Moderate Unreviewed
CVE-2025-23377 was published Apr 28, 2025
YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution High
CVE-2025-46347 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows... High Unreviewed
CVE-2025-24338 was published Apr 30, 2025
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type Critical
CVE-2025-32974 was published for org.xwiki.platform:xwiki-platform-security-requiredrights-default (Maven) Apr 29, 2025
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed
CVE-2025-4084 was published Apr 29, 2025
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to Moderate
CVE-2023-28362 was published for actionpack (RubyGems) Jun 29, 2023
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as... High Unreviewed
CVE-2022-25235 was published Feb 17, 2022
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass... Critical Unreviewed
CVE-2024-56524 was published May 12, 2025
Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow Low
CVE-2025-47280 was published for Umbraco.Forms (NuGet) May 13, 2025
A vulnerability exists in PX Backup whereby sensitive information may be logged under specific... High Unreviewed
CVE-2025-1308 was published May 20, 2025
IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due... Moderate Unreviewed
CVE-2025-25029 was published May 28, 2025
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can... High Unreviewed
CVE-2022-41322 was published Sep 25, 2022
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed
CVE-2025-3942 was published May 22, 2025
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An... Moderate Unreviewed
CVE-2024-4420 was published May 21, 2024
Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. High Unreviewed
CVE-2021-25254 was published May 21, 2025
Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN... Moderate Unreviewed
CVE-2021-25262 was published May 21, 2025
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection... Moderate Unreviewed
CVE-2025-5271 was published May 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database