Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,515
Erlang
33
GitHub Actions
25
Go
2,215
Maven
5,000+
npm
3,876
NuGet
697
pip
3,648
Pub
12
RubyGems
913
Rust
924
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,742 advisories

Loading
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13567 was published Apr 1, 2025
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting... High Unreviewed
CVE-2025-26009 was published Mar 26, 2025
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter... High Unreviewed
CVE-2025-26001 was published Mar 26, 2025
Directus's webhook trigger flows can leak sensitive data High
CVE-2025-30353 was published for directus (npm) Mar 26, 2025
dzevs
Frappe vulnerable to information disclosure leading to account takeover High
CVE-2025-30214 was published for frappe (pip) Mar 25, 2025
yeuchimse
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations... High Unreviewed
CVE-2024-8055 was published Mar 20, 2025
In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows... High Unreviewed
CVE-2024-6842 was published Mar 20, 2025
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability... High Unreviewed
CVE-2024-11031 was published Mar 20, 2025
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13... High Unreviewed
CVE-2025-2277 was published Mar 13, 2025
Prototype Pollution Vulnerability in parse-git-config High
CVE-2025-25975 was published for parse-git-config (npm) Mar 12, 2025
Malayke
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an... High Unreviewed
CVE-2025-24071 was published Mar 11, 2025
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0... High Unreviewed
CVE-2023-40723 was published Mar 11, 2025
com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public High
CVE-2025-27604 was published for com.xwiki.confluencepro:application-confluence-migrator-pro-ui (Maven) Mar 7, 2025
Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers... High Unreviewed
CVE-2025-26167 was published Mar 6, 2025
Information disclosure may occur due to improper permission and access controls to Video... High Unreviewed
CVE-2024-53011 was published Mar 3, 2025
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft... High Unreviewed
CVE-2025-25951 was published Mar 3, 2025
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is... High Unreviewed
CVE-2024-13911 was published Mar 1, 2025
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss... High Unreviewed
CVE-2024-13611 was published Mar 1, 2025
The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable... High Unreviewed
CVE-2024-13568 was published Mar 1, 2025
An information disclosure vulnerability in Bosscomm IF740 Firmware versions:11001.7078 & v11001... High Unreviewed
CVE-2025-25729 was published Feb 28, 2025
An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via... High Unreviewed
CVE-2025-25333 was published Feb 27, 2025
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via... High Unreviewed
CVE-2025-22973 was published Feb 21, 2025
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive... High Unreviewed
CVE-2024-13622 was published Feb 18, 2025
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva... High Unreviewed
CVE-2025-22960 was published Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database