GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
9,969 advisories
Captive Portal can expose sensitive information
CVE-2025-6980 (High, Unreviewed) was published Oct 23, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job...
CVE-2025-54966 (Moderate, Unreviewed) was published Oct 23, 2025
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
CVE-2025-54468 (Moderate) was published for github.com/rancher/rancher (Go) Sep 26, 2025
Mattermost Server exposes information stored by a web browser
CVE-2016-11081 (Moderate) was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes account details to any Team Administrator
CVE-2016-11080 (Moderate) was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:...
CVE-2025-61750 (Moderate, Unreviewed) was published Oct 21, 2025
Mattermost Server exposes sensitive information via its System Console UI
CVE-2016-11078 (Moderate) was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive information about team URLs via an API
CVE-2016-11075 (Moderate) was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
ZK Framework vulnerable to malicious POST
CVE-2022-36537 (High) was published for org.zkoss.zk:zk (Maven) Aug 27, 2022
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item...
CVE-2025-53043 (High, Unreviewed) was published Oct 21, 2025
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported...
CVE-2025-53047 (Moderate, Unreviewed) was published Oct 21, 2025
Jenkins discloses project names via fingerprints
CVE-2015-5317 (High) was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an...
CVE-2025-40662 (Moderate, Unreviewed) was published Jun 10, 2025
Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications ...
CVE-2025-61885 (Moderate, Unreviewed) was published Oct 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2025-61764 (Moderate, Unreviewed) was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
CVE-2025-53036 (High, Unreviewed) was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle...
CVE-2025-50074 (Moderate, Unreviewed) was published Oct 21, 2025
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via...
CVE-2013-0631 (Moderate, Unreviewed) was published May 17, 2022
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X...
CVE-2015-0310 (High, Unreviewed) was published May 17, 2022
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers...
CVE-2013-7331 (Moderate, Unreviewed) was published May 14, 2022
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass...
CVE-2013-0632 (High, Unreviewed) was published May 17, 2022
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact...
CVE-2008-0655 (High, Unreviewed) was published May 1, 2022
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated,...
CVE-2022-20821 (Moderate, Unreviewed) was published May 27, 2022
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1....
CVE-2023-49103 (Critical, Unreviewed) was published Nov 22, 2023
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide...
CVE-2023-21237 (Moderate, Unreviewed) was published Jun 28, 2023
ProTip! Advisories are also available from the GraphQL API.