Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,207
Maven
5,000+
npm
3,858
NuGet
696
pip
3,639
Pub
12
RubyGems
913
Rust
918
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,296 advisories

Loading
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information... Moderate Unreviewed
CVE-2025-2860 was published Mar 28, 2025
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE... Moderate Unreviewed
CVE-2021-24008 was published Mar 28, 2025
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is... Moderate Unreviewed
CVE-2025-2578 was published Mar 28, 2025
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. Moderate Unreviewed
CVE-2025-29497 was published Mar 27, 2025
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. Moderate Unreviewed
CVE-2025-29486 was published Mar 27, 2025
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. Moderate Unreviewed
CVE-2025-29489 was published Mar 27, 2025
libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. Moderate Unreviewed
CVE-2025-29488 was published Mar 27, 2025
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform... Moderate Unreviewed
CVE-2025-20226 was published Mar 27, 2025
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2025-20232 was published Mar 27, 2025
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting... High Unreviewed
CVE-2025-26009 was published Mar 26, 2025
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter... High Unreviewed
CVE-2025-26001 was published Mar 26, 2025
Directus's webhook trigger flows can leak sensitive data High
CVE-2025-30353 was published for directus (npm) Mar 26, 2025
dzevs
Directus `search` query parameter allows enumeration of non permitted fields Moderate
CVE-2025-30352 was published for directus (npm) Mar 26, 2025
hanneskuettner moritzgvt
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin... Moderate Unreviewed
CVE-2025-2228 was published Mar 26, 2025
Shescape has potential environment variable exposure on Windows with CMD Low
CVE-2025-30222 was published for shescape (npm) Mar 26, 2025
Frappe vulnerable to information disclosure leading to account takeover High
CVE-2025-30214 was published for frappe (pip) Mar 25, 2025
Vite bypasses server.fs.deny when using ?raw?? Moderate
CVE-2025-30208 was published for vite (npm) Mar 25, 2025
Ezzer17
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress... Moderate Unreviewed
CVE-2025-2252 was published Mar 25, 2025
Apache Commons VFS Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2025-30474 was published for org.apache.commons:commons-vfs2 (Maven) Mar 23, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-2331 was published Mar 22, 2025
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations... High Unreviewed
CVE-2024-8055 was published Mar 20, 2025
In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows... High Unreviewed
CVE-2024-6842 was published Mar 20, 2025
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability... High Unreviewed
CVE-2024-11031 was published Mar 20, 2025
A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for... Moderate Unreviewed
CVE-2024-0245 was published Mar 20, 2025
The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80... Moderate Unreviewed
CVE-2025-26485 was published Mar 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database