GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,810
Erlang: 36
GitHub Actions: 31
Go: 2,395
Maven: 5,000+
npm: 4,030
NuGet: 721
pip: 3,820
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
134,255 advisories
The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application ...
Moderate | Unreviewed | CVE-2025-43977 was published Jul 21, 2025

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed...
Moderate | Unreviewed | CVE-2025-43976 was published Jul 21, 2025

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform...
Moderate | Unreviewed | CVE-2025-49706 was published Jul 8, 2025

Mattermost password hash disclosure vulnerability
Moderate | CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023

PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
Moderate | CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-7715 was published Jul 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-7716 was published Jul 21, 2025

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat...
Moderate | Unreviewed | CVE-2025-51397 was published Jul 21, 2025

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to...
Moderate | Unreviewed | CVE-2025-51396 was published Jul 21, 2025

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live...
Moderate | Unreviewed | CVE-2025-51398 was published Jul 21, 2025

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper...
Moderate | Unreviewed | CVE-2025-51400 was published Jul 21, 2025

A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper...
Moderate | Unreviewed | CVE-2025-51401 was published Jul 21, 2025

Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The...
Moderate | Unreviewed | CVE-2025-43720 was published Jul 21, 2025

A vulnerability was found in code-projects Food Ordering Review System 1.0. It has been declared...
Moderate | Unreviewed | CVE-2025-8018 was published Jul 22, 2025

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-4294 was published Jul 22, 2025

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross...
Moderate | Unreviewed | CVE-2025-8015 was published Jul 22, 2025

An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy)...
Moderate | Unreviewed | CVE-2025-34142 was published Jul 22, 2025

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows...
Moderate | Unreviewed | CVE-2025-4295 was published Jul 22, 2025

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform...
Moderate | Unreviewed | CVE-2025-34141 was published Jul 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-7392 was published Jul 21, 2025

pubnub Insufficient Entropy vulnerability
Moderate | CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate | CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024

Femanager extension for TYPO3 allows Insecure Direct Object Reference
Moderate | CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025

Powermail extension for TYPO3 allows Insecure Direct Object Reference
Moderate | CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's...
Moderate | Unreviewed | CVE-2025-46267 was published Jul 22, 2025
ProTip! Advisories are also available from the GraphQL API