GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,810
Erlang: 36
GitHub Actions: 31
Go: 2,395
Maven: 5,000+
npm: 4,030
NuGet: 721
pip: 3,820
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
134,255 advisories
File Upload vulnerability in agent.hub.controller.refresh_plugins in eosphoros-ai DB-GPT 0.7.0...
Moderate | Unreviewed | CVE-2025-51459 was published Jul 22, 2025

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers...
Moderate | Unreviewed | CVE-2025-51458 was published Jul 22, 2025

Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17...
Moderate | Unreviewed | CVE-2025-51462 was published Jul 22, 2025

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows...
Moderate | Unreviewed | CVE-2025-51472 was published Jul 22, 2025

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table...
Moderate | Unreviewed | CVE-2024-7246 was published Aug 6, 2024

Grafana's insecure DingDing Alert integration exposes sensitive information
Moderate | CVE-2025-3415 was published for github.com/grafana/grafana (Go) Jul 17, 2025

Aim vulnerable to Cross-site Scripting
Moderate | CVE-2025-51464 was published for aim (pip) Jul 22, 2025

Indico vulnerability allows attackers to bulk dump user details
Moderate | CVE-2025-53640 was published for indico (pip) Jul 14, 2025

Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (telegai.com) thru 2025-05-26 in...
Moderate | Unreviewed | CVE-2025-51862 was published Jul 22, 2025

Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai through 2025-05-24, allows...
Moderate | Unreviewed | CVE-2025-51858 was published Jul 22, 2025

Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPTUnli.com) thru 2025-05-26...
Moderate | Unreviewed | CVE-2025-51863 was published Jul 22, 2025

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows...
Moderate | Unreviewed | CVE-2025-52374 was published Jul 21, 2025

An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus...
Moderate | Unreviewed | CVE-2025-46120 was published Jul 21, 2025

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139...
Moderate | Unreviewed | CVE-2025-46122 was published Jul 21, 2025

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.12.304, where an...
Moderate | Unreviewed | CVE-2025-46119 was published Jul 21, 2025

Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025-05-26 in its agent chat...
Moderate | Unreviewed | CVE-2025-51859 was published Jul 22, 2025

A reflected cross-site scripting (XSS) vulnerability exists in AIBOX LLM chat (chat.aibox365.cn)...
Moderate | Unreviewed | CVE-2025-51864 was published Jul 22, 2025

Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and...
Moderate | Unreviewed | CVE-2025-51860 was published Jul 22, 2025

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows...
Moderate | Unreviewed | CVE-2025-52373 was published Jul 21, 2025

An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the...
Moderate | Unreviewed | CVE-2025-52372 was published Jul 21, 2025

Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before...
Moderate | Unreviewed | CVE-2024-55040 was published Jul 21, 2025

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity...
Moderate | Unreviewed | CVE-2025-20130 was published Jun 4, 2025

There exist integer overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc()...
Moderate | Unreviewed | CVE-2024-5197 was published Jun 3, 2024

IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to...
Moderate | Unreviewed | CVE-2024-38335 was published Jul 22, 2025

Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated...
Moderate | Unreviewed | CVE-2025-7371 was published Jul 22, 2025

ProTip! Advisories are also available from the GraphQL API.