GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,791 advisories
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to...
High
Unreviewed
CVE-2024-49734 was published Jan 22, 2025
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent...
High
Unreviewed
CVE-2024-43707 was published Jan 23, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is...
High
Unreviewed
CVE-2024-13562 was published Jan 25, 2025
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix...
High
Unreviewed
CVE-2025-0659 was published Jan 28, 2025
AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the...
High
Unreviewed
CVE-2024-48310 was published Jan 29, 2025
RuoYi allowed unauthorized attackers to view the session ID of the admin in the system monitoring
High
CVE-2024-57436 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
This vulnerability allows remote attackers to disclose sensitive information on affected...
High
Unreviewed
CVE-2024-23962 was published Jan 31, 2025
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
High
Unreviewed
CVE-2024-34897 was published Feb 3, 2025
Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies....
High
Unreviewed
CVE-2025-22918 was published Feb 3, 2025
An information disclosure vulnerability exists in the Vault API functionality of ClearML...
High
Unreviewed
CVE-2024-43779 was published Feb 6, 2025
Connect-CMS information that is restricted to viewing is visible
High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via...
High
Unreviewed
CVE-2024-55272 was published Feb 8, 2025
SQL injection in JeecgBoot
High
CVE-2024-57606 was published for org.jeecgframework.boot:jeecg-boot-common (Maven) Feb 8, 2025
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web...
High
Unreviewed
CVE-2024-46437 was published Feb 10, 2025
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress...
High
Unreviewed
CVE-2024-13600 was published Feb 12, 2025
An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote...
High
Unreviewed
CVE-2024-51123 was published Feb 13, 2025
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-13606 was published Feb 13, 2025
An attacker may modify the URL to discover sensitive information about the target network.
High
Unreviewed
CVE-2025-25281 was published Feb 14, 2025
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva...
High
Unreviewed
CVE-2025-22960 was published Feb 14, 2025
A critical information disclosure vulnerability exists in the web-based management interface of...
High
Unreviewed
CVE-2025-22961 was published Feb 14, 2025
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive...
High
Unreviewed
CVE-2024-13622 was published Feb 18, 2025
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via...
High
Unreviewed
CVE-2025-22973 was published Feb 21, 2025
An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via...
High
Unreviewed
CVE-2025-25333 was published Feb 27, 2025
An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001...
High
Unreviewed
CVE-2025-25729 was published Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API.