GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
32 advisories
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to,...
Moderate | Unreviewed | CVE-2025-13694 was published on Jan 7, 2026
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the...
Moderate | Unreviewed | CVE-2025-15154 was published on Dec 28, 2025
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to...
Moderate | Unreviewed | CVE-2025-32900 was published on Dec 5, 2025
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If...
Low | Unreviewed | CVE-2025-58422 was published on Sep 8, 2025
Movable Type contains an issue with use of less trusted source. If exploited, tampered email to...
Moderate | Unreviewed | CVE-2025-53522 was published on Aug 20, 2025
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less...
Low | Unreviewed | CVE-2025-48825 was published on Jun 13, 2025
Fabio allows HTTP clients to manipulate custom headers it adds
Critical | CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) on May 29, 2025
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern...
Moderate | Unreviewed | CVE-2025-47149 was published on May 23, 2025
Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data...
Moderate | Unreviewed | CVE-2025-1245 was published on May 16, 2025
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN...
High | Unreviewed | CVE-2025-47424 was published on May 10, 2025
SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes...
Moderate | Unreviewed | CVE-2025-43918 was published on Apr 20, 2025
Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and...
Low | Unreviewed | CVE-2025-27913 was published on Mar 10, 2025
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4...
Moderate | Unreviewed | CVE-2024-54840 was published on Feb 3, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Moderate | CVE-2025-24856 was published for causal/oidc (Composer) on Jan 28, 2025
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or...
Low | Unreviewed | CVE-2024-10977 was published on Nov 14, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
High | CVE-2024-47880 was published for org.openrefine:openrefine (Maven) on Oct 24, 2024
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address...
Moderate | Unreviewed | CVE-2022-4534 was published on Oct 8, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical | CVE-2024-45410 was published for github.com/traefik/traefik (Go) on Sep 19, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in...
Moderate | Unreviewed | CVE-2022-4533 was published on Sep 19, 2024
The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address...
Moderate | Unreviewed | CVE-2022-4529 was published on Sep 5, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in...
Moderate | Unreviewed | CVE-2022-4539 was published on Aug 31, 2024
The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions...
Moderate | Unreviewed | CVE-2022-4536 was published on Aug 31, 2024
Serilog Client IP Spoofing vulnerability
Moderate | CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet) on Aug 29, 2024
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address...
Moderate | Unreviewed | CVE-2022-4532 was published on Aug 17, 2024
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS. This issue...
Low | Unreviewed | CVE-2022-44593 was published on Jun 21, 2024