GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
137,189 advisories
Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a...
Moderate | Unreviewed | CVE-2025-3074 was published Apr 2, 2025

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote...
Moderate | Unreviewed | CVE-2025-3073 was published Apr 2, 2025

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52...
Moderate | Unreviewed | CVE-2025-3070 was published Apr 2, 2025

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a...
Moderate | Unreviewed | CVE-2025-3072 was published Apr 2, 2025

The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-2779 was published Apr 2, 2025

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions...
Moderate | Unreviewed | CVE-2025-29982 was published Apr 2, 2025

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File...
Moderate | Unreviewed | CVE-2025-27692 was published Apr 2, 2025

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of...
Moderate | Unreviewed | CVE-2025-27693 was published Apr 2, 2025

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool...
Moderate | Unreviewed | CVE-2025-27694 was published Apr 2, 2025

Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a...
Moderate | Unreviewed | CVE-2023-46988 was published Apr 2, 2025

Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Moderate | CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31819 was published Apr 1, 2025

Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced...
Moderate | Unreviewed | CVE-2025-31628 was published Apr 1, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This...
Moderate | Unreviewed | CVE-2025-31753 was published Apr 1, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-31889 was published Apr 1, 2025

Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting...
Moderate | Unreviewed | CVE-2025-31525 was published Apr 1, 2025

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in...
Moderate | Unreviewed | CVE-2025-31550 was published Apr 1, 2025

Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting...
Moderate | Unreviewed | CVE-2025-30853 was published Apr 1, 2025

Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS
Moderate | GHSA-929m-phjg-qwcc was published for mathlive (npm) Apr 1, 2025 • withdrawn

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the...
Moderate | Unreviewed | CVE-2025-29036 was published Apr 1, 2025

Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability
Moderate | CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025

An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via...
Moderate | Unreviewed | CVE-2003-20001 was published Apr 1, 2025

An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module,...
Moderate | Unreviewed | CVE-2025-26055 was published Apr 1, 2025

A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot...
Moderate | Unreviewed | CVE-2025-26056 was published Apr 1, 2025

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field...
Moderate | Unreviewed | CVE-2025-26054 was published Apr 1, 2025

ProTip! Advisories are also available from the GraphQL API