Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

9,035 advisories

Loading
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-11090 was published Jan 26, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... High Unreviewed
CVE-2024-13562 was published Jan 25, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential... High Unreviewed
CVE-2023-27870 was published May 11, 2023
An issue was identified in Fleet Server where Fleet policies that could contain sensitive... Critical Unreviewed
CVE-2024-52975 was published Jan 23, 2025
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent... High Unreviewed
CVE-2024-43707 was published Jan 23, 2025
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2,... High Unreviewed
CVE-2017-5521 was published May 17, 2022
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to... Moderate Unreviewed
CVE-2016-2388 was published May 13, 2022
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
zacMode
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to... Moderate Unreviewed
CVE-2011-0736 was published May 17, 2022
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified ... Moderate Unreviewed
CVE-2010-0488 was published May 2, 2022
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from... Moderate Unreviewed
CVE-2010-3330 was published May 13, 2022
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed
CVE-2025-0318 was published Jan 18, 2025
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of... Moderate Unreviewed
CVE-2008-3474 was published May 2, 2022
Eugeny Tabby Sends Password Despite Host Key Verification Failure High
CVE-2024-48460 was published for tabby-ssh (npm) Jan 17, 2025
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord:concord-common (Maven) Feb 10, 2022
binary-1024
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that... High Unreviewed
CVE-2024-12142 was published Jan 17, 2025
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-12637 was published Jan 17, 2025
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse High
CVE-2024-4109 was published for io.undertow:undertow-core (Maven) Dec 12, 2024 withdrawn
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This... High Unreviewed
CVE-2025-0472 was published Jan 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database