Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,856 advisories

Loading
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue... Low Unreviewed
CVE-2025-3984 was published Apr 27, 2025
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF... Low Unreviewed
CVE-2025-2866 was published Apr 27, 2025
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a... Low Unreviewed
CVE-2024-52887 was published Apr 27, 2025
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to... Low Unreviewed
CVE-2025-46675 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended... Low Unreviewed
CVE-2025-46674 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially... Low Unreviewed
CVE-2025-46672 was published Apr 27, 2025
python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as ... Low Unreviewed
CVE-2025-46656 was published Apr 27, 2025
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent... Low Unreviewed
CVE-2025-46653 was published Apr 26, 2025
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter Low
CVE-2025-3637 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in Brickfield tool's analysis request action Low
CVE-2025-3638 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has a CSRF risk in user tours manager that allows tour duplication Low
CVE-2025-3635 was published for moodle/moodle (Composer) Apr 25, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically... Low Unreviewed
CVE-2024-57375 was published Apr 25, 2025
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an... Low Unreviewed
CVE-2025-46546 was published Apr 25, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2024-30127 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed
CVE-2023-37516 was published Apr 24, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring... Low Unreviewed
CVE-2024-30114 was published Apr 24, 2025
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information... Low Unreviewed
CVE-2025-25046 was published Apr 24, 2025
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed
CVE-2024-58251 was published Apr 23, 2025
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through... Low Unreviewed
CVE-2025-46394 was published Apr 23, 2025
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ... Low Unreviewed
CVE-2025-46393 was published Apr 23, 2025
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed
CVE-2025-43965 was published Apr 23, 2025
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an... Low Unreviewed
CVE-2025-23253 was published Apr 22, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed
CVE-2025-2987 was published Apr 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database