Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,198 advisories

Loading
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which... Moderate Unreviewed
CVE-2024-56474 was published Apr 2, 2025
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler Moderate
CVE-2023-27592 was published for miniflux.app/v2 (Go) Apr 2, 2025
fguillot 40826d
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2024-56341 was published Apr 2, 2025
Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted Moderate
CVE-2025-31725 was published for org.ukiuni.monitor-remote-job-plugin:monitor-remote-job (Maven) Apr 2, 2025
Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted Moderate
CVE-2025-31724 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31727 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins AsakusaSatellite Plugin Does not Mask API Keys via Job Configuration Form Moderate
CVE-2025-31728 was published for org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin (Maven) Apr 2, 2025
Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31723 was published for io.jenkins.plugins:simple-queue (Maven) Apr 2, 2025
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files Moderate
CVE-2025-31726 was published for org.jenkins-ci.plugins:stackhammer (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could... Moderate Unreviewed
CVE-2024-25051 was published Apr 2, 2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of... Moderate Unreviewed
CVE-2024-50384 was published Apr 2, 2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of... Moderate Unreviewed
CVE-2024-50385 was published Apr 2, 2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of... Moderate Unreviewed
CVE-2024-50597 was published Apr 2, 2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of... Moderate Unreviewed
CVE-2024-50594 was published Apr 2, 2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of... Moderate Unreviewed
CVE-2024-50595 was published Apr 2, 2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of... Moderate Unreviewed
CVE-2024-50596 was published Apr 2, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's... Moderate Unreviewed
CVE-2025-21990 was published Apr 2, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing... Moderate Unreviewed
CVE-2025-21989 was published Apr 2, 2025
Django Potential Denial of Service (DoS) on Windows Moderate
CVE-2025-27556 was published for Django (pip) Apr 2, 2025
Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for... Moderate Unreviewed
CVE-2025-1805 was published Apr 2, 2025
A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and... Moderate Unreviewed
CVE-2025-2786 was published Apr 2, 2025
A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled... Moderate Unreviewed
CVE-2025-2842 was published Apr 2, 2025
The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id'... Moderate Unreviewed
CVE-2025-3098 was published Apr 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database