GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10,487 advisories
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
Low · Unreviewed · CVE-2023-37516 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
Low · Unreviewed · CVE-2024-30127 was published Apr 24, 2025
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low · Unreviewed · CVE-2025-46394 was published Apr 23, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring...
Low · Unreviewed · CVE-2024-30114 was published Apr 24, 2025
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv...
Low · Unreviewed · CVE-2024-58251 was published Apr 23, 2025
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information...
Low · Unreviewed · CVE-2025-25046 was published Apr 24, 2025
In wlan driver, there is a possible missing bounds check, This could lead to local denial of...
Low · Unreviewed · CVE-2022-42757 was published Dec 6, 2022
In wlan driver, there is a possible missing bounds check, This could lead to local denial of...
Low · Unreviewed · CVE-2022-42758 was published Dec 6, 2022
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has...
Low · Unreviewed · CVE-2025-32415 was published Apr 17, 2025
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the...
Low · Unreviewed · CVE-2022-45228 was published Dec 12, 2022
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ...
Low · Unreviewed · CVE-2025-46393 was published Apr 23, 2025
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after...
Low · Unreviewed · CVE-2025-43965 was published Apr 23, 2025
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location...
Low · Unreviewed · CVE-2022-20240 was published Dec 13, 2022
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an...
Low · Unreviewed · CVE-2025-23253 was published Apr 22, 2025
DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service ...
Low · Unreviewed · CVE-2025-26269 was published Apr 17, 2025
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may...
Low · Unreviewed · CVE-2025-2987 was published Apr 22, 2025
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a...
Low · Unreviewed · CVE-2024-42195 was published Dec 5, 2024
In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of...
Low · Unreviewed · CVE-2022-20525 was published Dec 20, 2022
In various functions of ap_input_processor.c, there is a possible way to record audio during a...
Low · Unreviewed · CVE-2022-20562 was published Dec 21, 2022
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
Low · Unreviewed · CVE-2025-2517 was published Apr 21, 2025
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a...
Low · Unreviewed · CVE-2025-43916 was published Apr 21, 2025
In multiple locations, there is a possible display crash loop due to improper input validation....
Low · Unreviewed · CVE-2022-20543 was published Dec 19, 2022
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA...
Low · Unreviewed · CVE-2025-3840 was published Apr 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
Low · Unreviewed · CVE-2025-43966 was published Apr 21, 2025
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer...
Low · Unreviewed · CVE-2025-43963 was published Apr 21, 2025
ProTip! Advisories are also available from the GraphQL API.