Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,190 advisories

Loading
A vulnerability classified as critical was found in fcba_zzm ics-park Smart Park Management... Moderate Unreviewed
CVE-2025-3135 was published Apr 3, 2025
A vulnerability classified as critical has been found in code-projects Payroll Management System... Moderate Unreviewed
CVE-2025-3134 was published Apr 3, 2025
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-3153 was published for concrete5/concrete5 (Composer) Apr 3, 2025
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential... Moderate Unreviewed
CVE-2025-0257 was published Apr 3, 2025
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the... Moderate Unreviewed
CVE-2025-3121 was published Apr 3, 2025
A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by... Moderate Unreviewed
CVE-2025-3123 was published Apr 3, 2025
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as... Moderate Unreviewed
CVE-2025-3119 was published Apr 3, 2025
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been... Moderate Unreviewed
CVE-2025-3120 was published Apr 3, 2025
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code... Moderate Unreviewed
CVE-2025-3129 was published Apr 3, 2025
Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2025-3130 was published for drupal/obfuscate (Composer) Apr 3, 2025
SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS)... Moderate Unreviewed
CVE-2025-29719 was published Apr 2, 2025
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as... Moderate Unreviewed
CVE-2025-3118 was published Apr 2, 2025
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... Moderate Unreviewed
CVE-2025-20120 was published Apr 2, 2025
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network... Moderate Unreviewed
CVE-2025-20203 was published Apr 2, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote... Moderate Unreviewed
CVE-2025-0154 was published Apr 2, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2024-56475 was published Apr 2, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-56476 was published Apr 2, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which... Moderate Unreviewed
CVE-2024-56474 was published Apr 2, 2025
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2024-56341 was published Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database