GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
838 advisories
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments...
Critical, Unreviewed. CVE-2025-32079 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - HTML Tags allows...
Critical, Unreviewed. CVE-2025-32073 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth...
Critical, Unreviewed. CVE-2025-32067 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata...
Critical, Unreviewed. CVE-2025-32071 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - AJAX Poll...
Critical, Unreviewed. CVE-2025-32070 was published Apr 11, 2025

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media...
Critical, Unreviewed. CVE-2025-32069 was published Apr 11, 2025

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input...
Critical, Unreviewed. CVE-2025-24446 was published Apr 8, 2025

Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Critical. CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS...
Critical, Unreviewed. CVE-2025-30452 was published Apr 1, 2025

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate...
Critical, Unreviewed. CVE-2025-29814 was published Mar 21, 2025

A vulnerability in ollama/ollama version 0.1.37 allows for remote code execution (RCE) due to...
Critical, Unreviewed. CVE-2024-7773 was published Mar 20, 2025

InvokeAI Arbitrary File Deletion vulnerability
Critical. CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),...
Critical, Unreviewed. CVE-2025-27493 was published Mar 11, 2025

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9),...
Critical, Unreviewed. CVE-2025-27494 was published Mar 11, 2025

Volt Allows RCE Via User-Crafted Requests
Critical. CVE-2025-27517 was published for livewire/volt (Composer) Mar 5, 2025

Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
Critical, Unreviewed. CVE-2024-36047 was published Feb 28, 2025

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and...
Critical, Unreviewed. CVE-2025-1077 was published Feb 7, 2025

SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on...
Critical, Unreviewed. CVE-2024-47857 was published Jan 31, 2025

Apache Ranger UI vulnerable to Server Side Request Forgery
Critical. CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025

CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and...
Critical, Unreviewed. CVE-2024-11737 was published Dec 11, 2024

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Critical. CVE-2024-48914 was published for @vendure/asset-server-plugin (npm) Oct 15, 2024

Memory corruption while redirecting log file to any file location with any file name.
Critical, Unreviewed. CVE-2024-33066 was published Oct 7, 2024

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify...
Critical, Unreviewed. CVE-2024-8889 was published Sep 18, 2024

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This...
Critical, Unreviewed. CVE-2024-7591 was published Sep 5, 2024

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via...
Critical, Unreviewed. CVE-2024-44808 was published Sep 4, 2024

ProTip! Advisories are also available from the GraphQL API.