Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

12,429 advisories

Loading
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter Low
CVE-2025-3637 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in user tours manager that allows tour duplication Low
CVE-2025-3635 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in Brickfield tool's analysis request action Low
CVE-2025-3638 was published for moodle/moodle (Composer) Apr 25, 2025
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically... Low Unreviewed
CVE-2024-57375 was published Apr 25, 2025
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an... Low Unreviewed
CVE-2025-46546 was published Apr 25, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2024-30127 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed
CVE-2023-37516 was published Apr 24, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring... Low Unreviewed
CVE-2024-30114 was published Apr 24, 2025
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information... Low Unreviewed
CVE-2025-25046 was published Apr 24, 2025
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed
CVE-2024-58251 was published Apr 23, 2025
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through... Low Unreviewed
CVE-2025-46394 was published Apr 23, 2025
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ... Low Unreviewed
CVE-2025-46393 was published Apr 23, 2025
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed
CVE-2025-43965 was published Apr 23, 2025
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an... Low Unreviewed
CVE-2025-23253 was published Apr 22, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415 Low
GHSA-5w6v-399v-w3cc was published for nokogiri (RubyGems) Apr 21, 2025
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Low Unreviewed
CVE-2025-29446 was published Apr 21, 2025
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed
CVE-2025-2517 was published Apr 21, 2025
OpenCMS Cross-Site Scripting vulnerability Low
CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a... Low Unreviewed
CVE-2025-43916 was published Apr 21, 2025
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA... Low Unreviewed
CVE-2025-3840 was published Apr 21, 2025
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers ... Low Unreviewed
CVE-2025-25228 was published Apr 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image... Low Unreviewed
CVE-2025-43967 was published Apr 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database