Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

134,813 advisories

Loading
MLflow Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-1473 was published for mlflow (pip) Mar 20, 2025
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection... Moderate Unreviewed
CVE-2025-51535 was published Aug 4, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona... Moderate Unreviewed
CVE-2024-7701 was published Dec 15, 2024
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected... Moderate Unreviewed
CVE-2025-8585 was published Aug 5, 2025
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects... Moderate Unreviewed
CVE-2025-8586 was published Aug 5, 2025
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this... Moderate Unreviewed
CVE-2025-8584 was published Aug 5, 2025
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02... Moderate Unreviewed
CVE-2020-25078 was published May 24, 2022
Liferay Portal CAPTCHA Bypass for Gogo Shell Moderate
CVE-2025-4604 was published for com.liferay:com.liferay.captcha.impl (Maven) Aug 5, 2025
russh is missing overflow checks during channel windows adjust Moderate
CVE-2025-54804 was published for russh (Rust) Aug 4, 2025
onjonjo
IPX Allows Path Traversal via Prefix Matching Bypass Moderate
CVE-2025-54387 was published for ipx (npm) Aug 4, 2025
dellalibera
XWiki allows Reflected XSS in two templates Moderate
CVE-2025-32430 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Aug 5, 2025
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6... Moderate Unreviewed
CVE-2025-50340 was published Aug 4, 2025
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3... Moderate Unreviewed
CVE-2025-20151 was published May 7, 2025
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF... Moderate Unreviewed
CVE-2025-47152 was published Aug 5, 2025
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version... Moderate Unreviewed
CVE-2025-27931 was published Aug 5, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site... Moderate Unreviewed
CVE-2025-46958 was published Aug 5, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross... Moderate Unreviewed
CVE-2024-52890 was published Aug 5, 2025
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR... Moderate Unreviewed
CVE-2022-20846 was published Nov 15, 2024
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center ... Moderate Unreviewed
CVE-2024-20274 was published Oct 23, 2024
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an... Moderate Unreviewed
CVE-2024-39826 was published Jul 15, 2024
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0.... Moderate Unreviewed
CVE-2025-8555 was published Aug 5, 2025
The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-8294 was published Aug 5, 2025
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2025-8295 was published Aug 5, 2025
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0.... Moderate Unreviewed
CVE-2025-8554 was published Aug 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database