Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,975 advisories

Loading
When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when... High Unreviewed
CVE-2025-6432 was published Jun 26, 2025
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability... High Unreviewed
CVE-2024-11031 was published Mar 20, 2025
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. High Unreviewed
CVE-2024-51769 was published Jul 14, 2025
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600,... Moderate Unreviewed
CVE-2025-7572 was published Jul 14, 2025
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL... Moderate Unreviewed
CVE-2025-7573 was published Jul 14, 2025
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for... High Unreviewed
CVE-2020-36848 was published Jul 12, 2025
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files Moderate
CVE-2025-26795 was published for org.apache.iotdb:iotdb-jdbc (Maven) May 14, 2025
AnonySE26
Credited to AnonySE26
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP... Moderate Unreviewed
CVE-2024-25591 was published Mar 17, 2024
The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to,... Moderate Unreviewed
CVE-2025-6745 was published Jul 11, 2025
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2025-4593 was published Jul 11, 2025
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U... High Unreviewed
CVE-2025-34098 was published Jul 10, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
Credited to webbertakken
Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization Moderate
CVE-2025-53512 was published for github.com/juju/juju (Go) Jul 9, 2025
wallyworld hpidcock
Credited to wallyworld and hpidcock
Generation of Error Message Containing Sensitive Information in Elasticsearch Moderate
CVE-2021-22145 was published for org.elasticsearch.client:elasticsearch-rest-client (Maven) May 24, 2022
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep... Critical Unreviewed
CVE-2025-34084 was published Jul 9, 2025
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to... High Unreviewed
CVE-2025-49741 was published Jul 2, 2025
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework... Moderate Unreviewed
CVE-2025-49664 was published Jul 8, 2025
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized... Moderate Unreviewed
CVE-2025-48808 was published Jul 8, 2025
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an... Moderate Unreviewed
CVE-2025-47980 was published Jul 8, 2025
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20325 was published Jul 7, 2025
The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-11089 was published Jul 7, 2025
The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80... Moderate Unreviewed
CVE-2025-26485 was published Mar 19, 2025
Apache IoTDB Discloses Sensitive Information via Log Files Moderate
CVE-2025-26864 was published for apache-iotdb (Maven) May 14, 2025
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Moderate Unreviewed
CVE-2024-13451 was published Jul 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database