Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

149 advisories

Loading
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning.  The BigFix SaaS's HTTP... Moderate Unreviewed
CVE-2025-52621 was published Aug 16, 2025
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic... Moderate Unreviewed
CVE-2025-53399 was published Aug 1, 2025
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS... Moderate Unreviewed
CVE-2015-4495 was published May 14, 2022
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass... Moderate Unreviewed
CVE-2025-5824 was published Jun 26, 2025
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed... Moderate Unreviewed
CVE-2023-5858 was published Nov 1, 2023
Error handling for script execution was incorrectly isolated from web content, which could have... Moderate Unreviewed
CVE-2025-5263 was published May 27, 2025
The security settings in the SAP Business One Integration Framework are not adequately checked,... Moderate Unreviewed
CVE-2025-42998 was published Jun 10, 2025
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in... Moderate Unreviewed
CVE-2024-37661 was published Jun 17, 2024
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote... Moderate Unreviewed
CVE-2024-0814 was published Jan 24, 2024
A phishing site could have repurposed an `about:` dialog to show phishing content with an... Moderate Unreviewed
CVE-2024-0749 was published Jan 23, 2024
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2.... Moderate Unreviewed
CVE-2025-4515 was published May 10, 2025
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block... Moderate Unreviewed
CVE-2020-11868 was published May 24, 2022
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local... Moderate Unreviewed
CVE-2025-43929 was published Apr 20, 2025
When viewing an email message A, which contains an attached message B, where B is encrypted or... Moderate Unreviewed
CVE-2022-1520 was published Dec 22, 2022
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have... Moderate Unreviewed
CVE-2022-22757 was published Dec 22, 2022
The Performance API did not properly hide the fact whether a request cross-origin resource has... Moderate Unreviewed
CVE-2022-29915 was published Dec 22, 2022
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a... Moderate Unreviewed
CVE-2025-3071 was published Apr 2, 2025
An intent redriction vulnerability exists in the Xiaomi quick App framework application product.... Moderate Unreviewed
CVE-2024-45353 was published Mar 27, 2025
A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is... Moderate Unreviewed
CVE-2024-45354 was published Mar 27, 2025
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0... Moderate Unreviewed
CVE-2023-0132 was published Jan 10, 2023
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious... Moderate Unreviewed
CVE-2025-23117 was published Mar 1, 2025
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1102 was published Feb 12, 2025
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated... Moderate Unreviewed
CVE-2023-29868 was published May 2, 2023
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and... Moderate Unreviewed
CVE-2023-2445 was published May 2, 2023
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker... Moderate Unreviewed
CVE-2023-29867 was published May 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database