GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
253,217 advisories
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows...
Unknown | Unreviewed | CVE-2025-25777 was published Apr 24, 2025

ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL...
Unknown | Unreviewed | CVE-2025-29529 was published Apr 24, 2025

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Low | Unreviewed | CVE-2024-30127 was published Apr 24, 2025

Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Low | Unreviewed | CVE-2023-37516 was published Apr 24, 2025

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed...
Moderate | Unreviewed | CVE-2022-44759 was published Apr 24, 2025

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer...
Critical | Unreviewed | CVE-2025-26382 was published Apr 24, 2025

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in...
Moderate | Unreviewed | CVE-2022-44760 was published Apr 24, 2025

Missing Authorization vulnerability in Michael Revellin-Clerc Media Library Downloader allows...
Moderate | Unreviewed | CVE-2025-46519 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46533 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS....
High | Unreviewed | CVE-2025-46528 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46534 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin allows...
High | Unreviewed | CVE-2025-46512 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS....
High | Unreviewed | CVE-2025-46507 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup allows...
High | Unreviewed | CVE-2025-46514 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46517 was published Apr 24, 2025

Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper ...
Moderate | Unreviewed | CVE-2025-46531 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46521 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46529 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46532 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows...
Moderate | Unreviewed | CVE-2025-46513 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category allows Stored...
High | Unreviewed | CVE-2025-46524 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator allows Stored...
High | Unreviewed | CVE-2025-46516 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs allows Stored XSS. This...
High | Unreviewed | CVE-2025-46522 was published Apr 24, 2025

Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies allows...
High | Unreviewed | CVE-2025-46520 was published Apr 24, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-46509 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API.