Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

6,183 advisories

Loading
A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and... Moderate Unreviewed
CVE-2025-20207 was published Feb 5, 2025
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission Moderate
CVE-2024-11741 was published for github.com/grafana/grafana (Go) Jan 31, 2025
kube-audit-rest's example logging configuration could disclose secret values in the audit log Moderate
CVE-2025-24884 was published for github.com/RichardoC/kube-audit-rest (Go) Jan 29, 2025
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Argo CD does not scrub secret values from patch errors Moderate
CVE-2025-23216 was published for github.com/argoproj/argo-cd (Go) Jan 30, 2025
svghadi
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for... Moderate Unreviewed
CVE-2024-13829 was published Feb 5, 2025
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-13623 was published Jan 31, 2025
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-8494 was published Jan 30, 2025
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command ... Moderate Unreviewed
CVE-2023-28357 was published May 12, 2023
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24360 was published for @nuxt/vite-builder (npm) Jan 27, 2025
sapphi-red
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-11090 was published Jan 26, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to... Moderate Unreviewed
CVE-2016-2388 was published May 13, 2022
Cilium has an information leakage via insecure default Hubble UI CORS header Moderate
CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to... Moderate Unreviewed
CVE-2011-0736 was published May 17, 2022
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified ... Moderate Unreviewed
CVE-2010-0488 was published May 2, 2022
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from... Moderate Unreviewed
CVE-2010-3330 was published May 13, 2022
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &... Moderate Unreviewed
CVE-2025-0318 was published Jan 18, 2025
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of... Moderate Unreviewed
CVE-2008-3474 was published May 2, 2022
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-12637 was published Jan 17, 2025
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in... Moderate Unreviewed
CVE-2024-6455 was published Jul 18, 2024
Field-level security issue with .keyword fields in OpenSearch Moderate
CVE-2023-23613 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database