Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,873 advisories

Loading
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input High
CVE-2025-52488 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
infosec-au
Credited to infosec-au
The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual... High Unreviewed
CVE-2025-23173 was published Jun 19, 2025
A remote unauthorized attacker may gather sensitive information of the application, due to... High Unreviewed
CVE-2025-49184 was published Jun 12, 2025
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the... High Unreviewed
CVE-2025-26521 was published Jun 11, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2025-49653 was published for backend.ai (pip) Jun 9, 2025
Exposure of private personal information to an unauthorized actor in the user vaults component of... High Unreviewed
CVE-2025-5334 was published May 29, 2025
An unauthenticated remote attacker can access information about running processes via the SNMP... High Unreviewed
CVE-2025-41654 was published May 26, 2025
An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted... High Unreviewed
CVE-2024-53359 was published May 20, 2025
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with... High Unreviewed
CVE-2025-41230 was published May 20, 2025
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-13613 was published May 17, 2025
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf... High Unreviewed
CVE-2025-3877 was published May 14, 2025
OXID eShop May Display User Information High
CVE-2024-56526 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2025
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15... High Unreviewed
CVE-2025-31256 was published May 13, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and... High Unreviewed
CVE-2025-31225 was published May 13, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5... High Unreviewed
CVE-2025-31207 was published May 13, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper... High Unreviewed
CVE-2025-32986 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. High Unreviewed
CVE-2025-32983 was published Apr 25, 2025
Moodle allows unauthenticated REST API user data exposure High
CVE-2025-32044 was published for moodle/moodle (Composer) Apr 25, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2025-23174 was published Apr 21, 2025
An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui... High Unreviewed
CVE-2025-28235 was published Apr 18, 2025
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to ... High Unreviewed
CVE-2025-3698 was published Apr 16, 2025
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... High Unreviewed
CVE-2025-30724 was published Apr 15, 2025
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an... High Unreviewed
CVE-2025-29805 was published Apr 8, 2025
The KB Support – Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for... High Unreviewed
CVE-2024-13604 was published Apr 7, 2025
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
Credited to 40826d and fguillot
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database