Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures... High Unreviewed
CVE-2025-20343 was published Nov 5, 2025
The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up... Moderate Unreviewed
CVE-2025-12192 was published Nov 5, 2025
Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function... Moderate Unreviewed
CVE-2023-49994 was published Dec 12, 2023
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream... High Unreviewed
CVE-2023-46009 was published Oct 18, 2023
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6... High Unreviewed
CVE-2024-4032 was published Jun 17, 2024
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's... Moderate Unreviewed
CVE-2024-9681 was published Nov 6, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington... Critical Unreviewed
CVE-2024-5217 was published Jul 10, 2024
Unraid 6.8.0 allows authentication bypass. High Unreviewed
CVE-2020-5849 was published May 24, 2022
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication Moderate
CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by... Moderate Unreviewed
CVE-2025-47416 was published Sep 9, 2025
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct... Critical Unreviewed
CVE-2025-54336 was published Aug 19, 2025
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of... Moderate Unreviewed
CVE-2025-9401 was published Aug 25, 2025
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could... Moderate Unreviewed
CVE-2025-27909 was published Aug 18, 2025
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17... Low Unreviewed
CVE-2024-5528 was published Feb 5, 2025
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Moderate Unreviewed
CVE-2022-31650 was published May 26, 2022
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded Moderate
CVE-2024-12224 was published for idna (Rust) Dec 9, 2024
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always... Moderate Unreviewed
CVE-2021-47370 was published May 21, 2024
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an... High Unreviewed
CVE-2025-3102 was published Apr 10, 2025
Apache NiFi Insufficient Property Validation vulnerability Moderate
CVE-2023-40037 was published for org.apache.nifi:nifi-dbcp-base (Maven) Aug 19, 2023
Regular Expression Denial of Service in jsoneditor Moderate
CVE-2021-3822 was published for jsoneditor (npm) Sep 29, 2021
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an... High Unreviewed
CVE-2024-2223 was published Apr 9, 2024
SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy ... High Unreviewed
CVE-2024-37131 was published Jun 13, 2024
PyJWT Issuer field partial matches allowed Low
CVE-2024-53861 was published for PyJWT (pip) Dec 2, 2024
fabianbadoi
Credited to fabianbadoi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database