GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37 advisories
AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr()
Moderate
CVE-2026-33690 was published for wwbn/avideo (Composer) Mar 25, 2026
fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections
Moderate
CVE-2026-3635 was published for fastify (npm) Mar 25, 2026
Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker...
High
Unreviewed
CVE-2025-69240 was published Mar 16, 2026
wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows...
Moderate
Unreviewed
CVE-2026-22201 was published Mar 13, 2026
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed...
Moderate
Unreviewed
CVE-2026-24910 was published Jan 28, 2026
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to,...
Moderate
Unreviewed
CVE-2025-13694 was published Jan 7, 2026
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the...
Moderate
Unreviewed
CVE-2025-15154 was published Dec 28, 2025
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to...
Moderate
Unreviewed
CVE-2025-32900 was published Dec 5, 2025
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If...
Low
Unreviewed
CVE-2025-58422 was published Sep 8, 2025
Movable Type contains an issue with use of less trusted source. If exploited, tampered email to...
Moderate
Unreviewed
CVE-2025-53522 was published Aug 20, 2025
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less...
Low
Unreviewed
CVE-2025-48825 was published Jun 13, 2025
Fabio allows HTTP clients to manipulate custom headers it adds
Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern...
Moderate
Unreviewed
CVE-2025-47149 was published May 23, 2025
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data...
Moderate
Unreviewed
CVE-2025-1245 was published May 16, 2025
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN...
High
Unreviewed
CVE-2025-47424 was published May 10, 2025
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes...
Moderate
Unreviewed
CVE-2025-43918 was published Apr 20, 2025
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and...
Low
Unreviewed
CVE-2025-27913 was published Mar 10, 2025
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4...
Moderate
Unreviewed
CVE-2024-54840 was published Feb 3, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or...
Low
Unreviewed
CVE-2024-10977 was published Nov 14, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address...
Moderate
Unreviewed
CVE-2022-4534 was published Oct 8, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in...
Moderate
Unreviewed
CVE-2022-4533 was published Sep 19, 2024
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address...
Moderate
Unreviewed
CVE-2022-4529 was published Sep 5, 2024