Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,757
NuGet
678
pip
3,444
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

11,339 advisories

Loading
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the... Low Unreviewed
CVE-2024-52328 was published Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. ... Low Unreviewed
CVE-2024-42182 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It... Low Unreviewed
CVE-2024-42183 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML... Low Unreviewed
CVE-2024-42185 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can... Low Unreviewed
CVE-2024-42186 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could... Low Unreviewed
CVE-2024-42184 was published Jan 23, 2025
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family... Low Unreviewed
CVE-2022-42336 was published May 17, 2023
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). ... Low Unreviewed
CVE-2025-21520 was published Jan 21, 2025
@sveltejs/kit vulnerable to XSS on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
RDIL
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security:... Low Unreviewed
CVE-2025-21546 was published Jan 21, 2025
Umbraco CMS Cross-site Scripting vulnerability Low
CVE-2024-10761 was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024
A vulnerability, which was classified as problematic, was found in CampCodes School Management... Low Unreviewed
CVE-2025-0625 was published Jan 22, 2025
Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in... Low Unreviewed
CVE-2024-28977 was published Apr 24, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')... Low Unreviewed
CVE-2024-45687 was published Jan 21, 2025
Cross site scripting in zenml Low
CVE-2024-2171 was published for zenml (pip) Jun 6, 2024
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring Low
CVE-2024-47168 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Vyper Does Not Check the Success of Certain Precompile Calls Low
CVE-2025-21607 was published for vyper (pip) Jan 14, 2025
ritzdorf vasinicola
trocher
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as... Low Unreviewed
CVE-2024-13524 was published Jan 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database