GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,688
Composer 4,731
Erlang 35
GitHub Actions 29
Go 2,308
Maven 5,597
npm 3,949
NuGet 711
pip 3,727
Pub 12
RubyGems 920
Rust 964
Swift 38

Unreviewed advisories

All unreviewed 257,355

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

121,036 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of... Moderate Unreviewed

CVE-2025-46078 was published May 29, 2025

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability... Moderate Unreviewed

CVE-2025-5321 was published May 29, 2025

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation... Moderate Unreviewed

CVE-2025-33043 was published May 29, 2025

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass... Moderate Unreviewed

CVE-2025-46080 was published May 29, 2025

Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and... Moderate Unreviewed

CVE-2025-4081 was published May 29, 2025

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the... Moderate Unreviewed

CVE-2024-22653 was published May 29, 2025

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This... Moderate Unreviewed

CVE-2025-5320 was published May 29, 2025

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP... Moderate Unreviewed

CVE-2025-48046 was published May 29, 2025

The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-5122 was published May 29, 2025

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress... Moderate Unreviewed

CVE-2025-4670 was published May 29, 2025

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed

CVE-2025-5286 was published May 29, 2025

The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2025-4583 was published May 29, 2025

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute... Moderate Unreviewed

CVE-2025-27706 was published May 28, 2025

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to... Moderate Unreviewed

CVE-2025-27702 was published May 28, 2025

Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v... Moderate Unreviewed

CVE-2025-48747 was published May 28, 2025

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea... Moderate Unreviewed

CVE-2025-32803 was published May 28, 2025

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component... Moderate Unreviewed

CVE-2025-1461 was published May 28, 2025

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap... Moderate Unreviewed

CVE-2025-48927 was published May 28, 2025

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to... Moderate Unreviewed

CVE-2025-48925 was published May 28, 2025

Kea configuration and API directives can be used to overwrite arbitrary files, subject to... Moderate Unreviewed

CVE-2025-32802 was published May 28, 2025

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover... Moderate Unreviewed

CVE-2025-48926 was published May 28, 2025

The TeleMessage service through 2025-05-05 implements authentication through a long-lived... Moderate Unreviewed

CVE-2025-48929 was published May 28, 2025

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in... Moderate Unreviewed

CVE-2025-36572 was published May 28, 2025

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap... Moderate Unreviewed

CVE-2025-48928 was published May 28, 2025

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse... Moderate Unreviewed

CVE-2024-51453 was published May 28, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

121,036 advisories