Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,969 advisories

Loading
In multiple locations, there is a possible way to leak hidden work profile notifications due to a... Moderate Unreviewed
CVE-2025-48527 was published Sep 4, 2025
Argo CD's Project API Token Exposes Repository Credentials Critical
CVE-2025-55190 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 4, 2025
ntammineni5 34fathombelow
alexmt jannfis crenshaw-dev svghadi
Credited to ntammineni5, 34fathombelow, alexmt, jannfis, crenshaw-dev, and svghadi
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
Information disclosure High Unreviewed
CVE-2025-36895 was published Sep 4, 2025
Jenkins Git client Plugin file system information disclosure vulnerability Moderate
CVE-2025-58458 was published for org.jenkins-ci.plugins:git-client (Maven) Sep 3, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore... High Unreviewed
CVE-2025-53694 was published Sep 3, 2025
A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an... Moderate Unreviewed
CVE-2025-9842 was published Sep 3, 2025
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is... Low Unreviewed
CVE-2025-51643 was published Aug 28, 2025
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Credited to fritzmg
Contao discloses sensitive information in the front end search index Moderate
CVE-2025-57756 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Credited to fritzmg
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-13807 was published Aug 28, 2025
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information... High Unreviewed
CVE-2023-7308 was published Aug 28, 2025
A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series... Moderate Unreviewed
CVE-2025-20290 was published Aug 27, 2025
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to... Critical Unreviewed
CVE-2024-39335 was published Aug 26, 2025
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable... High Unreviewed
CVE-2025-29992 was published Aug 26, 2025
A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown... Moderate Unreviewed
CVE-2025-9461 was published Aug 26, 2025
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental... High Unreviewed
CVE-2023-47799 was published Aug 25, 2025
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in... Critical Unreviewed
CVE-2025-7426 was published Aug 25, 2025
A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this... Moderate Unreviewed
CVE-2025-9398 was published Aug 25, 2025
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an... Low Unreviewed
CVE-2025-9381 was published Aug 24, 2025
@musistudio/claude-code-router has improper CORS configuration High
CVE-2025-57755 was published for @musistudio/claude-code-router (npm) Aug 21, 2025
ttttmr
Credited to ttttmr
A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some... Moderate Unreviewed
CVE-2025-9240 was published Aug 20, 2025
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an... Moderate Unreviewed
CVE-2025-20345 was published Aug 20, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that... Low Unreviewed
CVE-2025-8448 was published Aug 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database