Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,969 advisories

Loading
Hazelcast vulnerable to unmasked password exposure Moderate
CVE-2023-33264 was published for com.hazelcast:hazelcast (Maven) May 22, 2023
joshbressers
Credited to joshbressers
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for... Low Unreviewed
CVE-2024-8612 was published Sep 20, 2024
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated... High Unreviewed
CVE-2025-40645 was published Oct 2, 2025
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
pfeifferj
Credited to pfeifferj
The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-10744 was published Oct 1, 2025
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Credited to joshbressers
FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint Moderate
CVE-2025-55797 was published for FormCMS (NuGet) Sep 30, 2025
An issue in Aranda PassRecovery v1.0 allows attackers to enumerate valid user accounts in Active... Moderate Unreviewed
CVE-2025-45994 was published Sep 26, 2025
OpenMLS improper persistence of the secret tree during message processing Moderate
GHSA-qr9h-x63w-vqfm was published for openmls (Rust) Sep 26, 2025
erdoganege fatihergin
Credited to erdoganege and fatihergin
Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key... Moderate Unreviewed
CVE-2025-56463 was published Sep 26, 2025
A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part... Moderate Unreviewed
CVE-2025-11028 was published Sep 26, 2025
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is... Moderate Unreviewed
CVE-2025-11026 was published Sep 26, 2025
ml-logger file handler allows reading arbitrary files Moderate
CVE-2025-10952 was published for ml-logger (pip) Sep 25, 2025
The AuthKit Remix Library renders sensitive auth data in HTML High
CVE-2025-55009 was published for @workos-inc/authkit-remix (npm) Aug 8, 2025
cai0duque
Credited to cai0duque
Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive... Moderate Unreviewed
CVE-2025-36601 was published Sep 25, 2025
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain... Moderate Unreviewed
CVE-2014-0778 was published May 17, 2022
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
Graylog concurrent PDF report rendering can leak other users' reports High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible... High Unreviewed
CVE-2025-57430 was published Sep 22, 2025
The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability.... Moderate Unreviewed
CVE-2025-57433 was published Sep 22, 2025
An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2025-50708 was published Jul 18, 2025
Cloudflare Vite plugin exposes secrets over the built-in dev server Moderate
CVE-2025-59427 was published for @cloudflare/vite-plugin (npm) Jul 8, 2025
Cherry
Credited to Cherry
The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an... Critical Unreviewed
CVE-2025-57437 was published Sep 22, 2025
The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information... Critical Unreviewed
CVE-2025-57441 was published Sep 22, 2025
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx... Moderate Unreviewed
CVE-2014-0772 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database