Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,849
Pub
12
RubyGems
941
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

384 advisories

Loading
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Low Unreviewed
CVE-2025-25212 was published Aug 11, 2025
A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This... Low Unreviewed
CVE-2025-8708 was published Aug 8, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a... Low Unreviewed
CVE-2025-5992 was published Jul 11, 2025
Transformers's Improper Input Validation vulnerability can be exploited through username injection Low
CVE-2025-3777 was published for transformers (pip) Jul 7, 2025
A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This... Low Unreviewed
CVE-2025-7060 was published Jul 4, 2025
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2025-47096 was published Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. Low Unreviewed
CVE-2025-27242 was published Jun 8, 2025
anon-vec lacks sufficient checks in public API Low
GHSA-pr59-jjr4-gcf6 was published for anon-vec (Rust) Jun 5, 2025
Spring Framework DataBinder Case Sensitive Match Exception Low
CVE-2025-22233 was published for org.springframework:spring-context (Maven) May 16, 2025
ryanmurf
Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna... Low Unreviewed
CVE-2025-4762 was published May 15, 2025
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment Low
CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) Mar 20, 2025
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43... Low Unreviewed
CVE-2025-0974 was published Feb 3, 2025
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts... Low Unreviewed
CVE-2024-42175 was published Jan 11, 2025
Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer... Low Unreviewed
CVE-2024-12014 was published Dec 20, 2024
sigstore has insufficient validation of integration timestamp during verification Low
CVE-2024-55655 was published for sigstore (pip) Dec 11, 2024
woodruffw haydentherapper
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-52831 was published Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation... Low Unreviewed
CVE-2024-43755 was published Dec 11, 2024
Insufficient validation of filenames against control characters in Apache Subversion repositories... Low Unreviewed
CVE-2024-46901 was published Dec 9, 2024
sigstore-java has a vulnerability with bundle verification Low
CVE-2024-54140 was published for dev.sigstore:sigstore-java (Maven) Dec 5, 2024
loosebazooka
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon... Low Unreviewed
CVE-2024-22117 was published Nov 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database