GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,373
Erlang: 33
GitHub Actions: 22
Go: 2,135
Maven: 5,000+
npm: 3,797
NuGet: 687
pip: 3,478
Pub: 12
RubyGems: 896
Rust: 897
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
103,834 advisories
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow
High • GHSA-5hc5-fxr9-5frc was published for mautic/core (Composer) • Sep 19, 2024 • withdrawn
Maliciously crafted QPY files can allow Remote Attackers to Cause Denial of Service in Qiskit
High • CVE-2025-1403 was published for qiskit (pip) • Feb 21, 2025
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming...
High • Unreviewed • CVE-2025-26305 was published • Feb 20, 2025
A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of...
High • Unreviewed • CVE-2025-26304 was published • Feb 20, 2025
An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read...
High • Unreviewed • CVE-2025-26013 was published • Feb 21, 2025
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as...
High • Unreviewed • CVE-2024-5135 was published • May 20, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High • Unreviewed • CVE-2024-33554 was published • Apr 29, 2024
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
High • CVE-2025-24970 was published for io.netty:netty-handler (Maven) • Feb 10, 2025
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
High • CVE-2024-34069 was published for Werkzeug (pip) • May 6, 2024
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
High • Unreviewed • CVE-2024-13704 was published • Feb 18, 2025
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers...
High • Unreviewed • CVE-2023-51314 was published • Feb 20, 2025
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which...
High • Unreviewed • CVE-2023-51313 was published • Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1...
High • Unreviewed • CVE-2023-51316 was published • Feb 20, 2025
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via...
High • Unreviewed • CVE-2025-22973 was published • Feb 21, 2025
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc...
High • Unreviewed • CVE-2025-21692 was published • Feb 10, 2025
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the...
High • Unreviewed • CVE-2025-21687 was published • Feb 10, 2025
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache...
High • Unreviewed • CVE-2024-33601 was published • May 6, 2024
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This...
High • Unreviewed • CVE-2025-0306 was published • Jan 9, 2025
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress...
High • Unreviewed • CVE-2024-13556 was published • Feb 18, 2025
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(),...
High • Unreviewed • CVE-2025-1094 was published • Feb 13, 2025
Due to the usage of a variable time instruction in the assembly implementation of an internal...
High • Unreviewed • CVE-2025-22866 was published • Feb 6, 2025
S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation
High • CVE-2025-27088 was published for github.com/oxyno-zeta/s3-proxy/cmd/s3-proxy (Go) • Feb 20, 2025
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's...
High • Unreviewed • CVE-2025-0981 was published • Feb 18, 2025
In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow...
High • Unreviewed • CVE-2025-21700 was published • Feb 13, 2025
ProTip! Advisories are also available from the GraphQL API.