GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,264
NuGet: 760
pip: 4,060
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
9,972 advisories
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The...
Low • Unreviewed • CVE-2024-20920 was published Jan 17, 2024
Passbolt Browser Extension leaks password information
Moderate • CVE-2024-33669 was published for passbolt-browser-extension (npm) Apr 26, 2024
Withdrawn Advisory: Helm shows secrets in clear text
Moderate • CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024 • withdrawn
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the...
Critical • Unreviewed • CVE-2023-51154 was published Jan 4, 2024
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints...
Low • Unreviewed • CVE-2023-50346 was published Jan 3, 2024
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate • Unreviewed • CVE-2023-48131 was published Jan 26, 2024
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate • Unreviewed • CVE-2023-48135 was published Jan 26, 2024
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14,...
Moderate • Unreviewed • CVE-2023-40385 was published Jan 11, 2024
An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious...
Moderate • Unreviewed • CVE-2023-43994 was published Jan 24, 2024
The issue was addressed with additional restrictions on the observability of app states. This...
Moderate • Unreviewed • CVE-2023-42829 was published Jan 11, 2024
A remote unauthorized attacker may gather sensitive information of the application, due to...
High • Unreviewed • CVE-2025-49184 was published Jun 12, 2025
The created backup files are unencrypted, making the application vulnerable for gathering...
Moderate • Unreviewed • CVE-2025-49200 was published Jun 12, 2025
BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High • CVE-2025-49653 was published for backend.ai (pip) Jun 9, 2025
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the...
High • Unreviewed • CVE-2025-26521 was published Jun 11, 2025
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions...
Moderate • Unreviewed • CVE-2025-4798 was published Jun 11, 2025
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A...
Moderate • Unreviewed • CVE-2025-30675 was published Jun 11, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an...
Moderate • Unreviewed • CVE-2025-43579 was published Jun 10, 2025
Nautobot may allows uploaded media files to be accessible without authentication
Moderate • CVE-2025-49143 was published for nautobot (pip) Jun 10, 2025
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized...
Moderate • Unreviewed • CVE-2025-47969 was published Jun 10, 2025
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS...
Moderate • Unreviewed • CVE-2025-25250 was published Jun 10, 2025
GWC Home Page communicate version and revision information
Moderate • CVE-2024-38524 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Critical • CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can...
High • Unreviewed • CVE-2024-24304 was published Feb 7, 2024
The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes,...
Moderate • Unreviewed • CVE-2025-25209 was published Jun 9, 2025
Argo CD does not scrub secret values from patch errors
Moderate • CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
ProTip! Advisories are also available from the GraphQL API.