Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
27
Go
2,274
Maven
5,000+
npm
3,931
NuGet
706
pip
3,697
Pub
12
RubyGems
919
Rust
956
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,918 advisories

Loading
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release... Low Unreviewed
CVE-2025-22886 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre... Low Unreviewed
CVE-2025-27132 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-27248 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-27241 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. Low Unreviewed
CVE-2025-25052 was published May 6, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer... Low Unreviewed
CVE-2025-25218 was published May 6, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
@misskey-dev/summaly Redirect Filter Bypass Low
CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025
warriordog
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES ... Low Unreviewed
CVE-2025-2545 was published May 5, 2025
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings,... Low Unreviewed
CVE-2025-3583 was published May 5, 2025
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service ... Low Unreviewed
CVE-2025-47229 was published May 3, 2025
obfstr Type Confusion vulnerability Low
CVE-2024-58253 was published for obfstr (Rust) May 2, 2025
A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as... Low Unreviewed
CVE-2025-4215 was published May 2, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3513 was published May 2, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3514 was published May 2, 2025
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of... Low Unreviewed
CVE-2024-13381 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3502 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3504 was published May 1, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2023-37517 was published May 1, 2025
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the... Low Unreviewed
CVE-2024-47784 was published Apr 30, 2025
AngularJS improperly sanitizes SVG elements Low
CVE-2025-0716 was published for angular (npm) Apr 29, 2025
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on... Low Unreviewed
CVE-2025-3301 was published Apr 29, 2025
YesWiki Stored XSS Vulnerability in Comments Low
CVE-2025-46346 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting Low
CVE-2025-46350 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
masquerad3r
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database