Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,262
Maven
5,000+
npm
3,912
NuGet
705
pip
3,681
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,506 advisories

Loading
When a Web User without Create permission on subfolders attempts to upload a file to a non... Low Unreviewed
CVE-2025-0049 was published Apr 28, 2025
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e.... Low Unreviewed
CVE-2025-4032 was published Apr 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Low Unreviewed
CVE-2024-12706 was published Apr 28, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Low Unreviewed
CVE-2023-35814 was published Apr 28, 2025
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL... Low Unreviewed
CVE-2025-46614 was published Apr 28, 2025
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on... Low Unreviewed
CVE-2023-35815 was published Apr 28, 2025
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Low Unreviewed
CVE-2023-35816 was published Apr 28, 2025
The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not... Low Unreviewed
CVE-2025-0627 was published Apr 28, 2025
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-9771 was published Apr 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed
CVE-2025-23376 was published Apr 28, 2025
The device’s passwords have not been adequately salted, making them vulnerable to password... Low Unreviewed
CVE-2025-32471 was published Apr 28, 2025
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF... Low Unreviewed
CVE-2025-2866 was published Apr 27, 2025
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a... Low Unreviewed
CVE-2024-52887 was published Apr 27, 2025
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to... Low Unreviewed
CVE-2025-46675 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended... Low Unreviewed
CVE-2025-46674 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially... Low Unreviewed
CVE-2025-46672 was published Apr 27, 2025
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed
CVE-2025-43965 was published Apr 23, 2025
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent... Low Unreviewed
CVE-2025-46653 was published Apr 26, 2025
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview... Low Unreviewed
CVE-2024-31144 was published Feb 14, 2025
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects... Low Unreviewed
CVE-2025-1181 was published Feb 11, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically... Low Unreviewed
CVE-2024-57375 was published Apr 25, 2025
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an... Low Unreviewed
CVE-2025-46546 was published Apr 25, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2024-30127 was published Apr 24, 2025
Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed
CVE-2023-37516 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database