GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
102,726 advisories
Filter by severity
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as...
High
Unreviewed
CVE-2025-0707
was published
Jan 24, 2025
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape
High
CVE-2025-24359
was published
for
asteval
(pip)
Jan 24, 2025
Updatecli exposes Maven credentials in console output
High
CVE-2025-24355
was published
for
github.com/updatecli/updatecli
(Go)
Jan 24, 2025
GitHub PAT written to debug artifacts
High
CVE-2025-24362
was published
for
github/codeql-action
(GitHub Actions)
Jan 24, 2025
XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
High
CVE-2024-52807
was published
for
org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli
(Maven)
Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator allows Stored XSS....
High
Unreviewed
CVE-2025-24756
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24728
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24669
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24659
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24672
was published
Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode...
High
Unreviewed
CVE-2025-24636
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24663
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24683
was published
Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This...
High
Unreviewed
CVE-2025-24561
was published
Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Optimal Access Inc. KBucket allows Stored XSS....
High
Unreviewed
CVE-2025-24562
was published
Jan 24, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High
Unreviewed
CVE-2025-24587
was published
Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2025-24570
was published
Jan 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in SubscriptionDNA.com Subscription DNA allows...
High
Unreviewed
CVE-2025-24555
was published
Jan 24, 2025
An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can...
High
Unreviewed
CVE-2025-23222
was published
Jan 24, 2025
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the...
High
Unreviewed
CVE-2019-15690
was published
Jan 24, 2025
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating...
High
Unreviewed
CVE-2024-40693
was published
Jan 24, 2025
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating...
High
Unreviewed
CVE-2024-25034
was published
Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the
CP210 VCP Win 2k
...
High
Unreviewed
CVE-2024-9494
was published
Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows
...
High
Unreviewed
CVE-2024-9495
was published
Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility...
High
Unreviewed
CVE-2024-9492
was published
Jan 24, 2025
ProTip!
Advisories are also available from the
GraphQL API