Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,850
Erlang
36
GitHub Actions
34
Go
2,480
Maven
5,000+
npm
4,097
NuGet
734
pip
3,910
Pub
12
RubyGems
945
Rust
1,014
Swift
39
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
Valtimo scripting engine can be used to gain access to sensitive data or resources Critical
CVE-2025-58059 was published for com.ritense.valtimo:core (Maven) Aug 28, 2025
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to... Critical Unreviewed
CVE-2024-39335 was published Aug 26, 2025
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in... Critical Unreviewed
CVE-2025-7426 was published Aug 25, 2025
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid... Critical Unreviewed
CVE-2025-27845 was published Aug 14, 2025
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service... Critical Unreviewed
CVE-2025-43986 was published Aug 13, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either... Critical Unreviewed
CVE-2025-30127 was published Aug 6, 2025
This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6... Critical Unreviewed
CVE-2025-43189 was published Jul 30, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-31279 was published Jul 30, 2025
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token Critical
CVE-2025-53624 was published for docusaurus-plugin-content-gists (npm) Jul 9, 2025
webbertakken
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep... Critical Unreviewed
CVE-2025-34084 was published Jul 9, 2025
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent... Critical Unreviewed
CVE-2025-34064 was published Jul 1, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and... Critical Unreviewed
CVE-2023-47029 was published Jun 23, 2025
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions... Critical Unreviewed
CVE-2025-25037 was published Jun 20, 2025
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) Critical
CVE-2024-34711 was published for org.geoserver.main:gs-main (Maven) Jun 10, 2025
lemauanhphong jodygarnett
Exposure of sensitive information to an unauthorized actor in Power Automate allows an... Critical Unreviewed
CVE-2025-47966 was published Jun 5, 2025
PrinterShare Android application allows the capture of Gmail authentication tokens that can be... Critical Unreviewed
CVE-2025-5098 was published May 23, 2025
The issue was addressed with improved restriction of data container access. This issue is fixed... Critical Unreviewed
CVE-2025-31183 was published Apr 1, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura... Critical Unreviewed
CVE-2025-30424 was published Apr 1, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4,... Critical Unreviewed
CVE-2025-30426 was published Apr 1, 2025
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5... Critical Unreviewed
CVE-2025-24279 was published Apr 1, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura... Critical Unreviewed
CVE-2025-24253 was published Apr 1, 2025
A privacy issue was addressed by moving sensitive data to a protected location. This issue is... Critical Unreviewed
CVE-2025-24263 was published Apr 1, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24278 was published Apr 1, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Critical Unreviewed
CVE-2025-24239 was published Apr 1, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia... Critical Unreviewed
CVE-2025-24242 was published Apr 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database