Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

9,034 advisories

Loading
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... High Unreviewed
CVE-2024-13562 was published Jan 25, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
An issue was identified in Fleet Server where Fleet policies that could contain sensitive... Critical Unreviewed
CVE-2024-52975 was published Jan 23, 2025
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent... High Unreviewed
CVE-2024-43707 was published Jan 23, 2025
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb High
CVE-2024-41672 was published for duckdb (pip) Jan 21, 2025
zacMode
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed
CVE-2025-0318 was published Jan 18, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that... High Unreviewed
CVE-2024-12142 was published Jan 17, 2025
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-12637 was published Jan 17, 2025
Eugeny Tabby Sends Password Despite Host Key Verification Failure High
CVE-2024-48460 was published for tabby-ssh (npm) Jan 17, 2025
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This... High Unreviewed
CVE-2025-0472 was published Jan 16, 2025
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an... Moderate Unreviewed
CVE-2025-0481 was published Jan 15, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation... Unknown Unreviewed
CVE-2025-23073 was published Jan 14, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation... Unknown Unreviewed
CVE-2025-23074 was published Jan 14, 2025
Git Credential Manager carriage-return character in remote URL allows malicious repository to leak credentials High
CVE-2024-50338 was published for git-credential-manager (NuGet) Jan 14, 2025
Windows Themes Spoofing Vulnerability Moderate Unreviewed
CVE-2025-21308 was published Jan 14, 2025
Windows Kerberos Information Disclosure Vulnerability Moderate Unreviewed
CVE-2025-21242 was published Jan 14, 2025
Windows BitLocker Information Disclosure Vulnerability Moderate Unreviewed
CVE-2025-21214 was published Jan 14, 2025
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up... Moderate Unreviewed
CVE-2024-12008 was published Jan 14, 2025
CloudStack users can add and read comments (annotations) on resources they are authorised to... Moderate Unreviewed
CVE-2025-22828 was published Jan 13, 2025
HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response... Low Unreviewed
CVE-2024-42179 was published Jan 13, 2025
A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0.... Moderate Unreviewed
CVE-2025-0403 was published Jan 13, 2025
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line... Moderate Unreviewed
CVE-2025-21592 was published Jan 9, 2025
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid... High Unreviewed
CVE-2023-24012 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database