Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures... High Unreviewed
CVE-2025-20343 was published Nov 5, 2025
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up... Moderate Unreviewed
CVE-2025-12192 was published Nov 5, 2025
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication Moderate
CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by... Moderate Unreviewed
CVE-2025-47416 was published Sep 9, 2025
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-9401 was published Aug 25, 2025
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct... Critical Unreviewed
CVE-2025-54336 was published Aug 19, 2025
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could... Moderate Unreviewed
CVE-2025-27909 was published Aug 18, 2025
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an... High Unreviewed
CVE-2025-3102 was published Apr 10, 2025
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17... Low Unreviewed
CVE-2024-5528 was published Feb 5, 2025
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
Credited to fabianbadoi
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's... Moderate Unreviewed
CVE-2024-9681 was published Nov 6, 2024
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks... Moderate Unreviewed
CVE-2024-39534 was published Oct 11, 2024
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security... Moderate Unreviewed
CVE-2024-6641 was published Sep 18, 2024
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection... Moderate Unreviewed
CVE-2024-32862 was published Aug 2, 2024
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset... Critical Unreviewed
CVE-2024-24621 was published Jul 26, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington... Critical Unreviewed
CVE-2024-5217 was published Jul 10, 2024
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication... High Unreviewed
CVE-2024-39742 was published Jul 8, 2024
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6... High Unreviewed
CVE-2024-4032 was published Jun 17, 2024
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy ... High Unreviewed
CVE-2024-37131 was published Jun 13, 2024
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always... Moderate Unreviewed
CVE-2021-47370 was published May 21, 2024
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an... High Unreviewed
CVE-2024-2223 was published Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database