Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,633
Erlang
34
GitHub Actions
25
Go
2,239
Maven
5,000+
npm
3,900
NuGet
701
pip
3,667
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

248 advisories

Loading
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Critical Unreviewed
CVE-2025-32074 was published Apr 11, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki -... Moderate Unreviewed
CVE-2025-32078 was published Apr 11, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed
CVE-2025-32072 was published Apr 11, 2025
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon ... Moderate Unreviewed
CVE-2025-30657 was published Apr 9, 2025
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group... Low Unreviewed
CVE-2025-30345 was published Mar 21, 2025
Improper encoding or escaping of output vulnerability in the webapi component in Synology... Moderate Unreviewed
CVE-2024-50629 was published Mar 19, 2025
Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology... Critical Unreviewed
CVE-2024-10441 was published Mar 19, 2025
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper... Moderate Unreviewed
CVE-2023-35894 was published Mar 7, 2025
During an address list folding when a separating comma ends up on a folded line and that line is... Low Unreviewed
CVE-2025-1795 was published Feb 28, 2025
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0... High Unreviewed
CVE-2024-12368 was published Feb 25, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace High
CVE-2025-27108 was published for dom-expressions (npm) Feb 25, 2025
nsysean ryansolid
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) High
CVE-2025-27109 was published for solid-js (npm) Feb 25, 2025
ryansolid nsysean
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed
CVE-2024-49355 was published Feb 20, 2025
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,... Moderate Unreviewed
CVE-2024-56473 was published Feb 6, 2025
MathLive's Lack of Escaping of HTML allows for XSS Moderate
CVE-2025-29049 was published for mathlive (npm) Jan 21, 2025
nsysean arnog
Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue... Moderate Unreviewed
CVE-2024-56277 was published Jan 21, 2025
KaTeX \htmlData does not validate attribute names Moderate
CVE-2025-23207 was published for katex (npm) Jan 17, 2025
nsysean edemaine
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user... Moderate Unreviewed
CVE-2024-52891 was published Jan 7, 2025
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3... High Unreviewed
CVE-2024-46547 was published Dec 9, 2024
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper... High Unreviewed
CVE-2018-9433 was published Nov 20, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability Moderate
CVE-2024-10006 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow... High Unreviewed
CVE-2024-47549 was published Oct 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database