Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack... High Unreviewed
CVE-2024-56089 was published Dec 1, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A... High Unreviewed
CVE-2025-59371 was published Nov 25, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public... High Unreviewed
CVE-2025-13470 was published Nov 21, 2025
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12787 was published Nov 11, 2025
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not... Moderate Unreviewed
CVE-2025-6515 was published Oct 20, 2025
The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-10745 was published Sep 26, 2025
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
Credited to benweissmann and ljharb
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0.... Moderate Unreviewed
CVE-2025-6931 was published Jul 1, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be... Low Unreviewed
CVE-2025-49198 was published Jun 12, 2025
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-4607 was published May 31, 2025
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt... Moderate Unreviewed
CVE-2024-50684 was published Feb 26, 2025
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields,... Moderate Unreviewed
CVE-2024-10604 was published Jan 30, 2025
Use of Insufficiently Random Values in undici Moderate
CVE-2025-22150 was published for undici (npm) Jan 21, 2025
mcollina parrot409
Credited to mcollina and parrot409
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then... Moderate Unreviewed
CVE-2025-0218 was published Jan 7, 2025
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover... High Unreviewed
CVE-2024-12432 was published Dec 18, 2024
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature... Moderate Unreviewed
CVE-2024-20331 was published Oct 23, 2024
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate... High Unreviewed
CVE-2024-41708 was published Sep 25, 2024
Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection... Moderate Unreviewed
CVE-2024-6348 was published Aug 19, 2024
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.... Moderate Unreviewed
CVE-2024-7659 was published Aug 12, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow... Moderate Unreviewed
CVE-2024-42164 was published Aug 12, 2024
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow... Moderate Unreviewed
CVE-2024-42165 was published Aug 12, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in... High Unreviewed
CVE-2024-21460 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database