GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,645 advisories
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file...
Low | Unreviewed | CVE-2025-1972 was published on Mar 22, 2025
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Low | GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) on Mar 21, 2025
Mattermost fail to prompt for explicit approval before adding a team admin to a private channel
Low | CVE-2025-27715 was published for github.com/mattermost/mattermost/server/v8 (Go) on Mar 21, 2025
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This...
Low | Unreviewed | CVE-2025-2584 was published on Mar 21, 2025
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to...
Low | Unreviewed | CVE-2025-30343 was published on Mar 21, 2025
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group...
Low | Unreviewed | CVE-2025-30345 was published on Mar 21, 2025
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in...
Low | Unreviewed | CVE-2025-2574 was published on Mar 20, 2025
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Low | CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) on Mar 20, 2025
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2...
Low | Unreviewed | CVE-2025-2555 was published on Mar 20, 2025
Kubernetes kube-apiserver Vulnerable to Race Condition
Low | CVE-2024-7598 was published for k8s.io/kubernetes/cmd/kube-apiserver (Go) on Mar 20, 2025
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary...
Low | Unreviewed | CVE-2024-13922 was published on Mar 20, 2025
LocalAI version v2.19.4 (af0545834fd565ab56af0b9348550ca9c3cb5349) contains a vulnerability where...
Low | Unreviewed | CVE-2024-9901 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2,...
Low | Unreviewed | CVE-2024-10724 was published on Mar 20, 2025
A reflected cross-site scripting (XSS) vulnerability exists in phpipam/phpipam versions 1.5.0...
Low | Unreviewed | CVE-2024-10727 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2...
Low | Unreviewed | CVE-2024-10721 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. The...
Low | Unreviewed | CVE-2024-10722 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2...
Low | Unreviewed | CVE-2024-10723 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam/phpipam version 1.5.2. This...
Low | Unreviewed | CVE-2024-10725 was published on Mar 20, 2025
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically...
Low | Unreviewed | CVE-2024-10719 was published on Mar 20, 2025
Apache Seata Vulnerable to Deserialization of Untrusted Data
Low | CVE-2024-47552 was published for org.apache.seata:seata-config-core (Maven) on Mar 20, 2025
Apache Seata Vulnerable to Data Amplification
Low | CVE-2024-54016 was published for org.apache.seata:seata-parent (Maven) on Mar 20, 2025
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can...
Low | Unreviewed | CVE-2025-30259 was published on Mar 20, 2025
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data...
Low | Unreviewed | CVE-2025-30258 was published on Mar 19, 2025
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys
Low | CVE-2025-30197 was published for io.jenkins.plugins:zohoqengine (Maven) on Mar 19, 2025
ProTip! Advisories are also available from the GraphQL API.