GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,150
NuGet: 736
pip: 3,952
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
137,534 advisories
A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2025-28198 was published Apr 15, 2025
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not...
Moderate | Unreviewed | CVE-2024-13177 was published Apr 15, 2025
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an...
Moderate | Unreviewed | CVE-2024-11084 was published Apr 15, 2025
In JotUrl 2.0, it is possible to bypass security requirements during the password change process.
Moderate | Unreviewed | CVE-2025-24949 was published Apr 15, 2025
In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to...
Moderate | Unreviewed | CVE-2025-24948 was published Apr 15, 2025
SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute...
Moderate | Unreviewed | CVE-2020-18243 was published Apr 15, 2025
This vulnerability allows any authenticated user to cause the server to consume very large...
Moderate | Unreviewed | CVE-2025-32949 was published Apr 15, 2025
When an email contains multiple attachments with external links via the X-Mozilla-External...
Moderate | Unreviewed | CVE-2025-3523 was published Apr 15, 2025
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which...
Moderate | Unreviewed | CVE-2025-3522 was published Apr 15, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28144 was published Apr 15, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28145 was published Apr 15, 2025
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick...
Moderate | Unreviewed | CVE-2025-2830 was published Apr 15, 2025
This vulnerability allows any attacker to add playlists to a different user’s channel using the...
Moderate | Unreviewed | CVE-2025-32946 was published Apr 15, 2025
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning...
Moderate | Unreviewed | CVE-2025-32944 was published Apr 15, 2025
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.
Moderate | Unreviewed | CVE-2025-27980 was published Apr 15, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28143 was published Apr 15, 2025
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in...
Moderate | Unreviewed | CVE-2025-28136 was published Apr 15, 2025
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a...
Moderate | Unreviewed | CVE-2025-28142 was published Apr 15, 2025
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port...
Moderate | Unreviewed | CVE-2025-32102 was published Apr 15, 2025
A race condition existed in nsHttpTransaction that could have been exploited to cause memory...
Moderate | Unreviewed | CVE-2025-3608 was published Apr 15, 2025
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the ...
Moderate | Unreviewed | CVE-2025-32103 was published Apr 15, 2025
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field...
Moderate | Unreviewed | CVE-2025-29280 was published Apr 15, 2025
The vulnerability allows an existing user to add playlists to a different user’s channel using...
Moderate | Unreviewed | CVE-2025-32945 was published Apr 15, 2025
Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2025-26955 was published Apr 15, 2025
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-30965 was published Apr 15, 2025