Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

65 advisories

Loading
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information... High Unreviewed
CVE-2025-53507 was published Aug 29, 2025
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows... High Unreviewed
CVE-2025-28244 was published Jul 10, 2025
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the... High Unreviewed
CVE-2025-45242 was published May 5, 2025
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to... High Unreviewed
CVE-2025-46627 was published May 2, 2025
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to... High Unreviewed
CVE-2025-29809 was published Apr 8, 2025
Openshift Hive Exposes VCenter Credentials via ClusterProvision High
CVE-2025-2241 was published for github.com/openshift/hive (Go) Mar 17, 2025
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-12315 was published Feb 12, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a... High Unreviewed
CVE-2024-57546 was published Jan 28, 2025
Windows Kerberos Security Feature Bypass Vulnerability High Unreviewed
CVE-2025-21299 was published Jan 14, 2025
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0... High Unreviewed
CVE-2025-22984 was published Jan 14, 2025
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows... High Unreviewed
CVE-2025-22983 was published Jan 14, 2025
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing... High Unreviewed
CVE-2024-56113 was published Jan 9, 2025
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack... High Unreviewed
CVE-2024-37144 was published Dec 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to... High Unreviewed
CVE-2024-47043 was published Dec 6, 2024
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023... High Unreviewed
CVE-2024-48939 was published Nov 11, 2024
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for... High Unreviewed
CVE-2024-10028 was published Nov 6, 2024
Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server... High Unreviewed
CVE-2024-48352 was published Nov 1, 2024
Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a... High Unreviewed
CVE-2024-48353 was published Nov 1, 2024
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2024-48783 was published Oct 15, 2024
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain... High Unreviewed
CVE-2024-48770 was published Oct 11, 2024
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes,... High Unreviewed
CVE-2024-42018 was published Oct 11, 2024
A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used... High Unreviewed
CVE-2024-39339 was published Sep 18, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) High
CVE-2024-4540 was published for org.keycloak:keycloak-services (Maven) Jun 10, 2024
mschallar
Credited to mschallar
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a... High Unreviewed
CVE-2024-22808 was published Apr 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database