GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
9,975 advisories
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information...
Moderate | Unreviewed | CVE-2022-37909 was published on Dec 12, 2022
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE...
Moderate | Unreviewed | CVE-2022-37930 was published on Dec 12, 2022
Information Disclosure via Flags override link
Moderate | CVE-2025-46332 was published for @vercel/flags (npm) on May 2, 2025
The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2025-2880 was published on May 2, 2025
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that...
High | Unreviewed | CVE-2022-30556 was published on Jun 10, 2022
Moderate severity vulnerability that affects rails
Moderate | CVE-2007-5379 was published for rails (RubyGems) on Oct 24, 2017
APM server logs could contain parts of the document body from a partially failed bulk index...
Moderate | Unreviewed | CVE-2024-11994 was published on May 1, 2025
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic...
Moderate | Unreviewed | CVE-2023-46669 was published on May 1, 2025
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to...
High | Unreviewed | CVE-2022-42977 was published on Nov 15, 2022
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate | CVE-2024-26144 was published for activestorage (RubyGems) on Feb 27, 2024
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate | CVE-2025-31486 was published for vite (npm) on Apr 4, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper...
High | Unreviewed | CVE-2025-32986 was published on Apr 25, 2025
Vulnerability in Drupal Profile Private. This issue affects Profile Private: *.*.
Moderate | Unreviewed | CVE-2025-3059 was published on Apr 1, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15...
Moderate | Unreviewed | CVE-2025-24270 was published on Apr 29, 2025
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as...
Moderate | Unreviewed | CVE-2025-3975 was published on Apr 27, 2025
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by...
Moderate | Unreviewed | CVE-2025-3978 was published on Apr 27, 2025
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by...
Moderate | Unreviewed | CVE-2025-3966 was published on Apr 27, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.
High | Unreviewed | CVE-2025-32983 was published on Apr 25, 2025
Moodle reveals student identities through assignment submissions search on anonymous submissions
Moderate | CVE-2025-3628 was published for moodle/moodle (Composer) on Apr 25, 2025
Moodle allows unauthenticated REST API user data exposure
High | CVE-2025-32044 was published for moodle/moodle (Composer) on Apr 25, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-3923 was published on Apr 25, 2025
An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th...
High | Unreviewed | CVE-2022-28607 was published on Dec 1, 2022
In wlan driver, there is a possible missing permission check, This could lead to local...
Moderate | Unreviewed | CVE-2022-42782 was published on Dec 6, 2022
In wlan driver, there is a possible missing permission check, This could lead to local...
Moderate | Unreviewed | CVE-2022-42766 was published on Dec 6, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2)....
Moderate | Unreviewed | CVE-2021-37192 was published on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.