GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
104,768 advisories
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive...
High | Unreviewed | CVE-2024-8176 was published Mar 14, 2025

tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
High | CVE-2025-30066 was published for tj-actions/changed-files (GitHub Actions) Mar 15, 2025

The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email...
High | Unreviewed | CVE-2025-2325 was published Mar 15, 2025

The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for...
High | Unreviewed | CVE-2024-13497 was published Mar 15, 2025

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2025-1667 was published Mar 15, 2025

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-1657 was published Mar 15, 2025

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-1653 was published Mar 15, 2025

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote...
High | Unreviewed | CVE-2024-45506 was published Sep 4, 2024

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to...
High | Unreviewed | CVE-2025-24985 was published Mar 11, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and...
High | Unreviewed | CVE-2024-40829 was published Jul 30, 2024

An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function...
High | Unreviewed | CVE-2019-12483 was published May 24, 2022

In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk...
High | Unreviewed | CVE-2022-48340 was published Feb 21, 2023

In the Linux kernel through 6.7.2, an untrusted hypervisor can inject virtual interrupts 0 and 14...
High | Unreviewed | CVE-2024-25743 was published May 15, 2024

Local File Inclusion in Rack::Static
High | CVE-2025-27610 was published for rack (RubyGems) Mar 10, 2025

aiohttp-session creates non-expiring sessions
High | CVE-2018-1000814 was published for aiohttp-session (pip) Dec 20, 2018

pgAdmin Remote Code Execution (RCE) vulnerability
High | CVE-2024-3116 was published for pgadmin4 (pip) Apr 4, 2024

Apache Linkis DataSource allows arbitrary file reading
High | CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024

Apache Pinot: Unauthorized endpoint exposed sensitive information
High | CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High | CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025

OpenShift GitOps Operator Namespace Isolation Break
High | CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025

Vela Server Has Insufficient Webhook Payload Data Verification
High | CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025

Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
High | CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025

kubevirt-csi: PersistentVolume allows access to HCP's root node
High | CVE-2024-1725 was published for github.com/kubevirt/csi-driver (Go) Mar 7, 2024

The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before...
High | Unreviewed | CVE-2024-13884 was published Mar 13, 2025
ProTip! Advisories are also available from the GraphQL API