Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

113,453 advisories

Loading
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
m4dn355
Credited to m4dn355
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to... High Unreviewed
CVE-2024-2878 was published Feb 5, 2025
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9... High Unreviewed
CVE-2024-9631 was published Feb 5, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and... High Unreviewed
CVE-2024-49352 was published Feb 5, 2025
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses... High Unreviewed
CVE-2025-0725 was published Feb 5, 2025
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing... High Unreviewed
CVE-2025-1028 was published Feb 5, 2025
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote... High Unreviewed
CVE-2025-25246 was published Feb 5, 2025
Cockpit Arbitrary File Upload High
CVE-2025-1025 was published for cockpit-hq/cockpit (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated... High Unreviewed
CVE-2024-13723 was published Feb 5, 2025
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to... High Unreviewed
CVE-2024-11467 was published Feb 5, 2025
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to... High Unreviewed
CVE-2024-11468 was published Feb 5, 2025
In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application... High Unreviewed
CVE-2023-40222 was published Feb 5, 2025
In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application... High Unreviewed
CVE-2023-39943 was published Feb 5, 2025
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability... High Unreviewed
CVE-2025-0413 was published Feb 5, 2025
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
MarbleRun unauthenticated recovery allows Coordinator impersonation High
GHSA-w7wm-2425-7p2h was published for github.com/edgelesssys/marblerun (Go) Feb 4, 2025
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low... High Unreviewed
CVE-2025-23058 was published Feb 4, 2025
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered... High Unreviewed
CVE-2022-43934 was published Feb 4, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2025-22700 was published Feb 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-22794 was published Feb 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23645 was published Feb 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-24598 was published Feb 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-24599 was published Feb 4, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-24602 was published Feb 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database