GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
9,662 advisories

docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
Critical. CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) on Jul 9, 2025.

Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization
Moderate. CVE-2025-53512 was published for github.com/juju/juju (Go) on Jul 9, 2025.

An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep...
Critical, Unreviewed. CVE-2025-34084 was published on Jul 9, 2025.

Cloudflare Vite plugin exposes secrets over the built-in dev server
Moderate. GHSA-4pfg-2mw5-f8jx was published for @cloudflare/vite-plugin (npm) on Jul 8, 2025.

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework...
Moderate, Unreviewed. CVE-2025-49664 was published on Jul 8, 2025.

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized...
Moderate, Unreviewed. CVE-2025-48808 was published on Jul 8, 2025.

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an...
Moderate, Unreviewed. CVE-2025-47980 was published on Jul 8, 2025.

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform...
Low, Unreviewed. CVE-2025-20325 was published on Jul 7, 2025.

The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information...
Moderate, Unreviewed. CVE-2024-11089 was published on Jul 7, 2025.

An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect...
High, Unreviewed. CVE-2025-34057 was published on Jul 2, 2025.

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &...
Moderate, Unreviewed. CVE-2024-13451 was published on Jul 2, 2025.

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to...
High, Unreviewed. CVE-2025-49741 was published on Jul 2, 2025.

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server...
Moderate, Unreviewed. CVE-2025-6600 was published on Jul 1, 2025.

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent...
Critical, Unreviewed. CVE-2025-34064 was published on Jul 1, 2025.

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR...
Moderate, Unreviewed. CVE-2025-34051 was published on Jul 1, 2025.

An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and...
Moderate, Unreviewed. CVE-2025-34052 was published on Jul 1, 2025.

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5...
Moderate, Unreviewed. CVE-2025-34062 was published on Jul 1, 2025.

Janssen Config API returns results without scope verification
High. CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) on Jun 30, 2025.

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3...
High, Unreviewed. CVE-2025-27827 was published on Jun 26, 2025.

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when...
High, Unreviewed. CVE-2025-6432 was published on Jun 26, 2025.

An attacker who enumerated resources from the WebCompat extension could have obtained a...
Moderate, Unreviewed. CVE-2025-6425 was published on Jun 26, 2025.

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering...
High, Unreviewed. CVE-2025-39204 was published on Jun 24, 2025.

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information...
High, Unreviewed. CVE-2025-27387 was published on Jun 23, 2025.

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and...
Critical, Unreviewed. CVE-2023-47029 was published on Jun 23, 2025.

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to...
Moderate, Unreviewed. CVE-2023-47298 was published on Jun 23, 2025.