Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

11,339 advisories

Loading
Directus has a DOM-Based cross-site scripting (XSS) via layout_options Low
GHSA-9qrm-48qf-r2rw was published for directus (npm) Jan 23, 2025
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the... Low Unreviewed
CVE-2024-52328 was published Jan 23, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could... Low Unreviewed
CVE-2024-42184 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML... Low Unreviewed
CVE-2024-42185 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It... Low Unreviewed
CVE-2024-42183 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can... Low Unreviewed
CVE-2024-42186 was published Jan 23, 2025
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. ... Low Unreviewed
CVE-2024-42182 was published Jan 23, 2025
A vulnerability, which was classified as problematic, was found in CampCodes School Management... Low Unreviewed
CVE-2025-0625 was published Jan 22, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). ... Low Unreviewed
CVE-2025-21520 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security:... Low Unreviewed
CVE-2025-21546 was published Jan 21, 2025
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')... Low Unreviewed
CVE-2024-45687 was published Jan 21, 2025
A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as... Low Unreviewed
CVE-2024-13524 was published Jan 20, 2025
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as... Low Unreviewed
CVE-2025-0575 was published Jan 20, 2025
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This... Low Unreviewed
CVE-2025-0567 was published Jan 19, 2025
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider Low
CVE-2025-23206 was published for aws-cdk-lib (npm) Jan 17, 2025
Multiple bash files were present in the application's private directory. Bash files can be used... Low Unreviewed
CVE-2024-54681 was published Jan 17, 2025
Hard-coded credentials were included as part of the application binary. These credentials served... Low Unreviewed
CVE-2024-45832 was published Jan 17, 2025
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals,... Low Unreviewed
CVE-2024-11146 was published Jan 17, 2025
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before... Low Unreviewed
CVE-2024-37181 was published Jan 16, 2025
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject... Low Unreviewed
CVE-2024-53407 was published Jan 16, 2025
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a... Low Unreviewed
CVE-2024-55503 was published Jan 16, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and... Low Unreviewed
CVE-2024-40839 was published Jan 15, 2025
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O... Low Unreviewed
CVE-2024-5198 was published Jan 15, 2025
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database