GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,504
Maven: 5,000+
npm: 4,149
NuGet: 735
pip: 3,949
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
137,427 advisories
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate | Unreviewed | CVE-2025-32499 was published on Apr 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31008 was published on Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows...
Moderate | Unreviewed | CVE-2025-31034 was published on Apr 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-31005 was published on Apr 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31017 was published on Apr 9, 2025
Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly...
Moderate | Unreviewed | CVE-2025-31012 was published on Apr 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31035 was published on Apr 9, 2025
Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting...
Moderate | Unreviewed | CVE-2025-31004 was published on Apr 9, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31020 was published on Apr 9, 2025
Missing Authorization vulnerability in rtakao Sandwich Adsense allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2025-31042 was published on Apr 9, 2025
Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side...
Moderate | Unreviewed | CVE-2025-31009 was published on Apr 9, 2025
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.
Moderate | Unreviewed | CVE-2025-29389 was published on Apr 9, 2025
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system...
Moderate | Unreviewed | CVE-2025-25023 was published on Apr 9, 2025
Apache ActiveMQ Artemis Vulnerable to Insertion of Sensitive Information into Log File
Moderate | CVE-2025-27391 was published for org.apache.activemq:artemis-project (Maven) on Apr 9, 2025
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2023-33844 was published on Apr 9, 2025
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Moderate | GHSA-5pm7-cp8f-p2c2 was published for wallabag/wallabag (Composer) on Apr 9, 2025
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory
Moderate | CVE-2025-32381 was published for xgrammar (pip) on Apr 9, 2025
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Moderate | CVE-2025-32379 was published for koa (npm) on Apr 9, 2025
DotNetNuke.Core Vulnerable to Server-Side Request Forgery (SSRF)
Moderate | CVE-2025-32372 was published for DotNetNuke.Core (NuGet) on Apr 9, 2025
bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
Moderate | CVE-2025-32025 was published for github.com/bep/imagemeta (Go) on Apr 9, 2025
bep/imagemeta allows excessively large EXIF data structures
Moderate | CVE-2025-32024 was published for github.com/bep/imagemeta (Go) on Apr 9, 2025
Apache Pulsar Kafka Connector Logs Sensitive Information in Application Logs
Moderate | CVE-2025-30677 was published for org.apache.pulsar:pulsar-io-kafka (Maven) on Apr 9, 2025
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Moderate | Unreviewed | CVE-2025-2441 was published on Apr 9, 2025
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Moderate | Unreviewed | CVE-2025-2442 was published on Apr 9, 2025
CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially...
Moderate | Unreviewed | CVE-2025-2440 was published on Apr 9, 2025
ProTip! Advisories are also available from the GraphQL API.