Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin... Moderate Unreviewed
CVE-2024-45894 was published Oct 7, 2024
A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and... Moderate Unreviewed
CVE-2024-44807 was published Oct 11, 2024
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate
CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
maennchen rapidfsub
zachdaniel
Credited to maennchen, rapidfsub, and zachdaniel
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway... Moderate Unreviewed
CVE-2024-8535 was published Nov 12, 2024
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application... Moderate Unreviewed
CVE-2023-20039 was published Nov 15, 2024
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1... Moderate Unreviewed
CVE-2024-10126 was published Nov 20, 2024
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
File replacement vulnerability on some devices Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-54099 was published Dec 12, 2024
Specially constructed queries targeting ETM could discover active remote access sessions Moderate Unreviewed
CVE-2024-47518 was published Jan 11, 2025
Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Moderate
CVE-2024-45627 was published for org.apache.linkis:linkis-metadata-query-service-jdbc (Maven) Jan 14, 2025
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2024-47106 was published Jan 18, 2025
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2... Moderate Unreviewed
CVE-2024-10403 was published Feb 4, 2025
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7... Moderate Unreviewed
CVE-2025-1042 was published Feb 12, 2025
An attacker could obtain firmware files and reverse engineer their intended use leading to loss... Moderate Unreviewed
CVE-2025-23421 was published Feb 14, 2025
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the... Moderate Unreviewed
CVE-2025-25799 was published Mar 6, 2025
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as... Moderate Unreviewed
CVE-2025-2038 was published Mar 6, 2025
A files or directories accessible to external parties vulnerability has been reported to affect... Moderate Unreviewed
CVE-2024-48864 was published Mar 7, 2025
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302... Moderate Unreviewed
CVE-2025-25267 was published Mar 11, 2025
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web... Moderate Unreviewed
CVE-2024-13126 was published Mar 16, 2025
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear... Moderate Unreviewed
CVE-2025-2651 was published Mar 23, 2025
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which... Moderate Unreviewed
CVE-2024-8031 was published May 15, 2025
A vulnerability classified as critical was found in SourceCodester Client Database Management... Moderate Unreviewed
CVE-2025-4909 was published May 19, 2025
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap... Moderate Unreviewed
CVE-2025-48928 was published May 28, 2025
Markdownify MCP Server allows attackers to read arbitrary files Moderate
CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with... Moderate Unreviewed
CVE-2025-4634 was published May 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database