Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,889 advisories

Loading
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically... Low Unreviewed
CVE-2024-57375 was published Apr 25, 2025
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an... Low Unreviewed
CVE-2025-46546 was published Apr 25, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2024-30127 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed
CVE-2023-37516 was published Apr 24, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring... Low Unreviewed
CVE-2024-30114 was published Apr 24, 2025
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information... Low Unreviewed
CVE-2025-25046 was published Apr 24, 2025
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed
CVE-2024-58251 was published Apr 23, 2025
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through... Low Unreviewed
CVE-2025-46394 was published Apr 23, 2025
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ... Low Unreviewed
CVE-2025-46393 was published Apr 23, 2025
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed
CVE-2025-43965 was published Apr 23, 2025
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an... Low Unreviewed
CVE-2025-23253 was published Apr 22, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed
CVE-2025-29446 was published Apr 21, 2025
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed
CVE-2025-2517 was published Apr 21, 2025
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a... Low Unreviewed
CVE-2025-43916 was published Apr 21, 2025
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA... Low Unreviewed
CVE-2025-3840 was published Apr 21, 2025
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers ... Low Unreviewed
CVE-2025-25228 was published Apr 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image... Low Unreviewed
CVE-2025-43967 was published Apr 21, 2025
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag... Low Unreviewed
CVE-2025-43961 was published Apr 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Low Unreviewed
CVE-2025-43966 was published Apr 21, 2025
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer... Low Unreviewed
CVE-2025-43963 was published Apr 21, 2025
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp... Low Unreviewed
CVE-2025-43964 was published Apr 21, 2025
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads... Low Unreviewed
CVE-2025-43962 was published Apr 21, 2025
TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. Low Unreviewed
CVE-2025-43955 was published Apr 20, 2025
mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain... Low Unreviewed
CVE-2023-30421 was published Apr 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database