Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,783
Erlang
36
GitHub Actions
29
Go
2,353
Maven
5,000+
npm
3,977
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

9,643 advisories

Loading
Vite has an `server.fs.deny` bypass with an invalid `request-target` Moderate
CVE-2025-32395 was published for vite (npm) Apr 11, 2025
do9gy-msec sw0rd1ight
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia... Moderate Unreviewed
CVE-2025-32080 was published Apr 11, 2025
The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2025-2881 was published Apr 12, 2025
The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2025-2841 was published Apr 12, 2025
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. Moderate Unreviewed
CVE-2025-27980 was published Apr 15, 2025
Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. ... Moderate Unreviewed
CVE-2025-30702 was published Apr 15, 2025
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). ... High Unreviewed
CVE-2025-30724 was published Apr 15, 2025
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to ... High Unreviewed
CVE-2025-3698 was published Apr 16, 2025
The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in... Moderate Unreviewed
CVE-2025-3104 was published Apr 16, 2025
An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a... Moderate Unreviewed
CVE-2025-29316 was published Apr 17, 2025
An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui... High Unreviewed
CVE-2025-28235 was published Apr 18, 2025
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2025-23174 was published Apr 21, 2025
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2024-11299 was published Apr 22, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3923 was published Apr 25, 2025
Moodle reveals student identities through assignment submissions search on anonymous submissions Moderate
CVE-2025-3628 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle allows unauthenticated REST API user data exposure High
CVE-2025-32044 was published for moodle/moodle (Composer) Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. High Unreviewed
CVE-2025-32983 was published Apr 25, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper... High Unreviewed
CVE-2025-32986 was published Apr 25, 2025
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by... Moderate Unreviewed
CVE-2025-3966 was published Apr 27, 2025
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as... Moderate Unreviewed
CVE-2025-3975 was published Apr 27, 2025
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by... Moderate Unreviewed
CVE-2025-3978 was published Apr 27, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15... Moderate Unreviewed
CVE-2025-24270 was published Apr 29, 2025
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic... Moderate Unreviewed
CVE-2023-46669 was published May 1, 2025
APM server logs could contain parts of the document body from a partially failed bulk index... Moderate Unreviewed
CVE-2024-11994 was published May 1, 2025
The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in... Moderate Unreviewed
CVE-2025-2880 was published May 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database