Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,987 advisories

Loading
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse... Low Unreviewed
CVE-2025-48009 was published May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows XSS Low
CVE-2025-48206 was published for nitsan/ns-backup (Composer) May 21, 2025
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized... Low Unreviewed
CVE-2025-1420 was published May 21, 2025
Data provided in a request performed to the server while activating a new device are put in a... Low Unreviewed
CVE-2025-1421 was published May 21, 2025
Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high... Low Unreviewed
CVE-2025-1419 was published May 21, 2025
TYPO3 Unverified Password Change for Backend Users Low
CVE-2025-47938 was published for typo3/cms-core (Composer) May 20, 2025
bnf
TYPO3 Allows Information Disclosure via DBAL Restriction Handling Low
CVE-2025-47937 was published for typo3/cms-core (Composer) May 20, 2025
christianfutterlieb eliashaeussler
TYPO3 CMS Webhooks Server Side Request Forgery Low
CVE-2025-47936 was published for typo3/cms-webhooks (Composer) May 20, 2025
bnf
Failed login response could be different depending on whether the username was local or central. Low Unreviewed
CVE-2025-48015 was published May 20, 2025
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME... Low Unreviewed
CVE-2025-4945 was published May 19, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3... Low Unreviewed
CVE-2025-31185 was published May 19, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name Low
CVE-2025-47931 was published for librenms/librenms (Composer) May 19, 2025
Fewword
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with... Low Unreviewed
CVE-2025-41429 was published May 19, 2025
In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in ... Low Unreviewed
CVE-2025-23122 was published May 19, 2025
In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in ... Low Unreviewed
CVE-2025-23165 was published May 19, 2025
O2 UK through 2025-05-17 allows subscribers to determine the Cell ID of other subscribers by... Low Unreviewed
CVE-2025-48219 was published May 18, 2025
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as... Low Unreviewed
CVE-2025-4839 was published May 18, 2025
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an... Low Unreviewed
CVE-2025-4819 was published May 17, 2025
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data... Low Unreviewed
CVE-2025-48188 was published May 16, 2025
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured... Low Unreviewed
CVE-2025-22233 was published May 16, 2025
Vyper's `slice()` may elide side-effects when output length is 0 Low
CVE-2025-47774 was published for vyper (pip) May 16, 2025
th3anatomist
Vyper's `concat()` builtin may elide side-effects for zero-length arguments Low
CVE-2025-47285 was published for vyper (pip) May 16, 2025
th3anatomist
HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By... Low Unreviewed
CVE-2025-40631 was published May 16, 2025
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability... Low Unreviewed
CVE-2025-40632 was published May 16, 2025
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not... Low Unreviewed
CVE-2024-11140 was published May 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database