Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,855
Erlang
36
GitHub Actions
35
Go
2,481
Maven
5,000+
npm
4,102
NuGet
734
pip
3,915
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint... Critical Unreviewed
CVE-2021-3773 was published Feb 17, 2022
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia... Critical Unreviewed
CVE-2025-24102 was published Jan 28, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Critical Unreviewed
CVE-2025-24109 was published Jan 28, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Critical Unreviewed
CVE-2025-24146 was published Jan 28, 2025
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can... Critical Unreviewed
CVE-2024-3596 was published Jul 9, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS... Critical Unreviewed
CVE-2025-24174 was published Jan 28, 2025
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL... Critical Unreviewed
CVE-2023-38547 was published Nov 14, 2023
The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation... Critical Unreviewed
CVE-2022-48348 was published Mar 28, 2023
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) Critical
GHSA-vjh7-7g9h-fjfh was published for elliptic (npm) Feb 12, 2025
ChALkeR jprichardson
A vulnerability in Brocade SANnav ova versions before Brocade SANnav v2.3.1 and v2.3.0a exposes... Critical Unreviewed
CVE-2024-4173 was published Apr 25, 2024
An issue was identified in Fleet Server where Fleet policies that could contain sensitive... Critical Unreviewed
CVE-2024-52975 was published Jan 23, 2025
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
http4k has a potential XXE (XML External Entity Injection) vulnerability Critical
CVE-2024-55875 was published for org.http4k:http4k-format-xml (Maven) Dec 12, 2024
JAckLosingHeart
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
DIRAC's TokenManager does not check permissions on cached tokens Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024
chaen aldbr
chrisburr
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability... Critical Unreviewed
CVE-2024-3502 was published Nov 14, 2024
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability... Critical Unreviewed
CVE-2024-3501 was published Nov 14, 2024
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the... Critical Unreviewed
CVE-2024-10285 was published Nov 9, 2024
salt password information leaked in debug logs Critical
CVE-2015-6941 was published for salt (pip) May 17, 2022
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that... Critical Unreviewed
CVE-2024-8884 was published Oct 8, 2024
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,... Critical Unreviewed
CVE-2023-40622 was published Sep 13, 2023
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code... Critical Unreviewed
CVE-2024-30922 was published Apr 18, 2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the... Critical Unreviewed
CVE-2024-27113 was published Sep 11, 2024
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10... Critical Unreviewed
CVE-2012-6664 was published Jun 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database