GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,731
Erlang: 35
GitHub Actions: 29
Go: 2,308
Maven: 5,000+
npm: 3,949
NuGet: 711
pip: 3,727
Pub: 12
RubyGems: 920
Rust: 964
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
131,007 advisories
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
Severity: Moderate. CVE-2025-5276 was published for mcp-markdownify-server (npm) on May 29, 2025.
Markdownify MCP Server allows attackers to read arbitrary files
Severity: Moderate. CVE-2025-5273 was published for mcp-markdownify-server (npm) on May 29, 2025.
MantisBT SQL Injection via mc_project_get_users function
Severity: Moderate. CVE-2020-28413 was published for mantisbt/mantisbt (Composer) on May 24, 2022.
MantisBT XSS where a Custom Field with a crafted Regular Expression property is used
Severity: Moderate. CVE-2020-25288 was published for mantisbt/mantisbt (Composer) on May 24, 2022.
MantisBT XSS issue on the view_all_bug_page.php
Severity: Moderate. CVE-2020-16266 was published for mantisbt/mantisbt (Composer) on May 24, 2022.
MantisBT XSS when uploading an attachment
Severity: Moderate. CVE-2019-15539 was published for mantisbt/mantisbt (Composer) on May 24, 2022.
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards...
Severity: Moderate (Unreviewed). CVE-2024-51099 was published on May 23, 2025.
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap...
Severity: Moderate (Unreviewed). CVE-2025-5278 was published on May 27, 2025.
In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials...
Severity: Moderate (Unreviewed). CVE-2023-40076 was published on Dec 5, 2023.
The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and...
Severity: Moderate (Unreviewed). CVE-2023-6165 was published on Jan 29, 2024.
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored...
Severity: Moderate (Unreviewed). CVE-2024-1396 was published on May 2, 2024.
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker...
Severity: Moderate (Unreviewed). CVE-2023-37518 was published on Jan 30, 2024.
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored...
Severity: Moderate (Unreviewed). CVE-2024-1533 was published on May 2, 2024.
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12...
Severity: Moderate (Unreviewed). CVE-2022-32883 was published on Sep 21, 2022.
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability...
Severity: Moderate (Unreviewed). CVE-2025-5321 was published on May 29, 2025.
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and...
Severity: Moderate (Unreviewed). CVE-2025-4081 was published on May 29, 2025.
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This...
Severity: Moderate (Unreviewed). CVE-2025-5320 was published on May 29, 2025.
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of...
Severity: Moderate (Unreviewed). CVE-2025-46078 was published on May 29, 2025.
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation...
Severity: Moderate (Unreviewed). CVE-2025-33043 was published on May 29, 2025.
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass...
Severity: Moderate (Unreviewed). CVE-2025-46080 was published on May 29, 2025.
yasm commit 9defefae was discovered to contain a NULL pointer dereference via the...
Severity: Moderate (Unreviewed). CVE-2024-22653 was published on May 29, 2025.
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP...
Severity: Moderate (Unreviewed). CVE-2025-48046 was published on May 29, 2025.
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is...
Severity: Moderate (Unreviewed). CVE-2025-3818 was published on Apr 19, 2025.
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored...
Severity: Moderate (Unreviewed). CVE-2024-3517 was published on May 2, 2024.
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored...
Severity: Moderate (Unreviewed). CVE-2024-3341 was published on May 2, 2024.
ProTip! Advisories are also available from the GraphQL API.