GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
137,163 advisories
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is...
Moderate | Unreviewed | CVE-2025-4293 was published May 6, 2025

A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is...
Moderate | Unreviewed | CVE-2025-4291 was published May 6, 2025

Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Moderate | CVE-2025-46730 was published for mobsf (pip) May 5, 2025

league/commonmark contains a XSS vulnerability in Attributes extension
Moderate | CVE-2025-46734 was published for league/commonmark (Composer) May 5, 2025

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Moderate | CVE-2025-46335 was published for mobsf (pip) May 5, 2025

Fleet doesn’t validate a server’s certificate when connecting through SSH
Moderate | CVE-2025-23390 was published for github.com/rancher/fleet (Go) Apr 25, 2025

CNCF K3s Kubernetes kubelet configuration exposes credentials
Moderate | CVE-2025-46599 was published for github.com/k3s-io/k3s (Go) Apr 25, 2025

Xenstore: guests can let run xenstored out of memory [This CNA information record relates to...
Moderate | Unreviewed | CVE-2022-42317 was published Nov 1, 2022

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters,...
Moderate | Unreviewed | CVE-2023-7246 was published Mar 20, 2024

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable...
Moderate | Unreviewed | CVE-2024-0337 was published Mar 20, 2024

Xenstore: guests can let run xenstored out of memory [This CNA information record relates to...
Moderate | Unreviewed | CVE-2022-42316 was published Nov 1, 2022

A permissions issue existed. This issue was addressed with improved permission validation. This...
Moderate | Unreviewed | CVE-2022-42788 was published Nov 2, 2022

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1...
Moderate | Unreviewed | CVE-2025-0915 was published May 5, 2025

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1...
Moderate | Unreviewed | CVE-2025-1000 was published May 5, 2025

HCL BigFix Compliance is affected by inclusion of temporary files left in the production...
Moderate | Unreviewed | CVE-2024-42213 was published May 5, 2025

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by...
Moderate | Unreviewed | CVE-2025-4287 was published May 5, 2025

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to...
Moderate | Unreviewed | CVE-2024-42212 was published May 5, 2025

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as...
Moderate | Unreviewed | CVE-2025-4286 was published May 5, 2025

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of...
Moderate | Unreviewed | CVE-2024-0973 was published Mar 18, 2024

The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape...
Moderate | Unreviewed | CVE-2024-1401 was published Mar 19, 2024

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to...
Moderate | Unreviewed | CVE-2023-32871 was published May 6, 2024

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and...
Moderate | Unreviewed | CVE-2024-3941 was published May 14, 2024

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of...
Moderate | Unreviewed | CVE-2024-1333 was published Mar 18, 2024

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode...
Moderate | Unreviewed | CVE-2024-1331 was published Mar 18, 2024

The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG...
Moderate | Unreviewed | CVE-2023-7085 was published Mar 18, 2024
ProTip! Advisories are also available from the GraphQL API.