Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,731
Erlang
35
GitHub Actions
29
Go
2,308
Maven
5,000+
npm
3,949
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,787 advisories

Loading
Exposure of private personal information to an unauthorized actor in the user vaults component of... High Unreviewed
CVE-2025-5334 was published May 29, 2025
An unauthenticated remote attacker can access information about running processes via the SNMP... High Unreviewed
CVE-2025-41654 was published May 26, 2025
An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted... High Unreviewed
CVE-2024-53359 was published May 20, 2025
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with... High Unreviewed
CVE-2025-41230 was published May 20, 2025
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-13613 was published May 17, 2025
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf... High Unreviewed
CVE-2025-3877 was published May 14, 2025
OXID eShop May Display User Information High
CVE-2024-56526 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15... High Unreviewed
CVE-2025-31256 was published May 13, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31225 was published May 13, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5... High Unreviewed
CVE-2025-31207 was published May 13, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper... High Unreviewed
CVE-2025-32986 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. High Unreviewed
CVE-2025-32983 was published Apr 25, 2025
Moodle allows unauthenticated REST API user data exposure High
CVE-2025-32044 was published for moodle/moodle (Composer) Apr 25, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2025-23174 was published Apr 21, 2025
An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui... High Unreviewed
CVE-2025-28235 was published Apr 18, 2025
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to ... High Unreviewed
CVE-2025-3698 was published Apr 16, 2025
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... High Unreviewed
CVE-2025-30724 was published Apr 15, 2025
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an... High Unreviewed
CVE-2025-29805 was published Apr 8, 2025
The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for... High Unreviewed
CVE-2024-13604 was published Apr 7, 2025
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13567 was published Apr 1, 2025
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting... High Unreviewed
CVE-2025-26009 was published Mar 26, 2025
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter... High Unreviewed
CVE-2025-26001 was published Mar 26, 2025
Directus's webhook trigger flows can leak sensitive data High
CVE-2025-30353 was published for directus (npm) Mar 26, 2025
dzevs
Frappe vulnerable to information disclosure leading to account takeover High
CVE-2025-30214 was published for frappe (pip) Mar 25, 2025
yeuchimse
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database