GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
145,551 advisories
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to...
Moderate | Unreviewed | CVE-2025-31513 was published Jul 22, 2025
File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0...
Moderate | Unreviewed | CVE-2025-51459 was published Jul 22, 2025
Dagster Local File Inclusion vulnerability
Moderate | CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated...
Moderate | Unreviewed | CVE-2025-7371 was published Jul 22, 2025
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to...
Moderate | Unreviewed | CVE-2024-38335 was published Jul 22, 2025
Aim vulnerable to Cross-site Scripting
Moderate | CVE-2025-51464 was published for aim (pip) Jul 22, 2025
A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared...
Moderate | Unreviewed | CVE-2025-8018 was published Jul 22, 2025
Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24, allows...
Moderate | Unreviewed | CVE-2025-51858 was published Jul 22, 2025
Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in...
Moderate | Unreviewed | CVE-2025-51862 was published Jul 22, 2025
Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru...
Moderate | Unreviewed | CVE-2025-51867 was published Jul 22, 2025
Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and...
Moderate | Unreviewed | CVE-2025-51860 was published Jul 22, 2025
A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn)...
Moderate | Unreviewed | CVE-2025-51864 was published Jul 22, 2025
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows...
Moderate | Unreviewed | CVE-2025-4295 was published Jul 22, 2025
Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26...
Moderate | Unreviewed | CVE-2025-51863 was published Jul 22, 2025
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-8015 was published Jul 22, 2025
Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat...
Moderate | Unreviewed | CVE-2025-51859 was published Jul 22, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-4294 was published Jul 22, 2025
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy)...
Moderate | Unreviewed | CVE-2025-34142 was published Jul 22, 2025
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform...
Moderate | Unreviewed | CVE-2025-34141 was published Jul 22, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-4284 was published Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference
Moderate | CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's...
Moderate | Unreviewed | CVE-2025-46267 was published Jul 22, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference
Moderate | CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate | Unreviewed | CVE-2025-6082 was published Jul 22, 2025
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all...
Moderate | Unreviewed | CVE-2025-7685 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API.