GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,500
Maven: 5,000+
npm: 4,147
NuGet: 735
pip: 3,948
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
9,813 advisories
The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-6722 was published | Aug 2, 2025

OpenSearch unauthorized data access on fields protected by field level security if field is a member of an object
Moderate | GHSA-2rjv-cv85-xhgm was published for org.opensearch.plugin:opensearch-security (Maven) | Aug 1, 2025

OpenSearch unauthorized data access on fields protected by field masking for fields of type ip, geo_point, geo_shape, xy_point, xy_shape
Moderate | GHSA-rrmm-wq7q-h4v5 was published for org.opensearch.plugin:opensearch-security (Maven) | Aug 1, 2025

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-4523 was published | Aug 1, 2025

An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information...
High | Unreviewed | CVE-2025-45620 was published | Jul 30, 2025

GitProxy Hidden Commits Injection
High | CVE-2025-54586 was published for @finos/git-proxy (npm) | Jul 30, 2025

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non...
Moderate | Unreviewed | CVE-2025-43018 was published | Jul 30, 2025

The vulnerability was identified in the code developed specifically for Lenovo. Please visit ...
Moderate | Unreviewed | CVE-2025-4426 was published | Jul 30, 2025

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS...
Moderate | Unreviewed | CVE-2025-43246 was published | Jul 30, 2025

This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6...
Critical | Unreviewed | CVE-2025-43189 was published | Jul 30, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6....
Moderate | Unreviewed | CVE-2025-43215 was published | Jul 30, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Critical | Unreviewed | CVE-2025-31279 was published | Jul 30, 2025

Umbraco Delivery API allows for cached requests to be returned with an invalid API key
Moderate | CVE-2025-54425 was published for Umbraco.Cms.Api.Delivery (NuGet) | Jul 29, 2025

Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs
Moderate | CVE-2025-50738 was published for github.com/usememos/memos (Go) | Jul 29, 2025

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as...
Moderate | Unreviewed | CVE-2025-8226 was published | Jul 27, 2025

Opencast still publishes global system account credentials
Moderate | CVE-2025-54380 was published for org.opencastproject:opencast-common (Maven) | Jul 25, 2025

Certain HP DesignJet products may be vulnerable to information disclosure through printer's web...
Moderate | Unreviewed | CVE-2025-3508 was published | Jul 25, 2025

An information disclosure vulnerability exists in Sitecore JSS React Sample Application 11.0.0 -...
High | Unreviewed | CVE-2020-36850 was published | Jul 25, 2025

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed | CVE-2025-7780 was published | Jul 25, 2025

HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow...
High | Unreviewed | CVE-2025-31955 was published | Jul 24, 2025

Possible ORM Leak Vulnerability in the Harbor
Moderate | CVE-2025-30086 was published for github.com/goharbor/harbor (Go) | Jul 23, 2025

In some cases search terms persisted in the URL bar even after navigating away from the search...
High | Unreviewed | CVE-2025-8039 was published | Jul 22, 2025

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate | Unreviewed | CVE-2025-6082 was published | Jul 22, 2025

An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the...
Moderate | Unreviewed | CVE-2025-52372 was published | Jul 21, 2025

WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability,...
High | Unreviewed | CVE-2025-7919 was published | Jul 21, 2025
ProTip! Advisories are also available from the GraphQL API.