Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

164 advisories

Loading
Error handling for script execution was incorrectly isolated from web content, which could have... Moderate Unreviewed
CVE-2025-5263 was published May 27, 2025
A phishing site could have repurposed an `about:` dialog to show phishing content with an... Moderate Unreviewed
CVE-2024-0749 was published Jan 23, 2024
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2.... Moderate Unreviewed
CVE-2025-4515 was published May 10, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect Moderate
GHSA-jqx4-9gpq-rppm was published for @misskey-dev/summaly (npm) May 6, 2025
warriordog
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block... Moderate Unreviewed
CVE-2020-11868 was published May 24, 2022
Apache Knox allows impersonation of users Moderate
CVE-2017-5646 was published for org.apache.knox:gateway-provider-identity-assertion-common (Maven) May 13, 2022
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local... Moderate Unreviewed
CVE-2025-43929 was published Apr 20, 2025
When viewing an email message A, which contains an attached message B, where B is encrypted or... Moderate Unreviewed
CVE-2022-1520 was published Dec 22, 2022
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have... Moderate Unreviewed
CVE-2022-22757 was published Dec 22, 2022
The Performance API did not properly hide the fact whether a request cross-origin resource has... Moderate Unreviewed
CVE-2022-29915 was published Dec 22, 2022
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a... Moderate Unreviewed
CVE-2025-3071 was published Apr 2, 2025
A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is... Moderate Unreviewed
CVE-2024-45354 was published Mar 27, 2025
An intent redriction vulnerability exists in the Xiaomi quick App framework application product.... Moderate Unreviewed
CVE-2024-45353 was published Mar 27, 2025
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0... Moderate Unreviewed
CVE-2023-0132 was published Jan 10, 2023
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious... Moderate Unreviewed
CVE-2025-23117 was published Mar 1, 2025
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1102 was published Feb 12, 2025
esbuild enables any website to send any requests to the development server and read the response Moderate
GHSA-67mh-4wv8-2f99 was published for esbuild (npm) Feb 10, 2025
sapphi-red
Websites were able to send any requests to the development server and read the response in vite Moderate
CVE-2025-24010 was published for vite (npm) Jan 21, 2025
ivantsepp
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and... Moderate Unreviewed
CVE-2023-2445 was published May 2, 2023
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated... Moderate Unreviewed
CVE-2023-29868 was published May 2, 2023
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker... Moderate Unreviewed
CVE-2023-29867 was published May 2, 2023
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13... Moderate Unreviewed
CVE-2023-27932 was published May 8, 2023
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3,... Moderate Unreviewed
CVE-2023-27962 was published May 8, 2023
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of... Moderate Unreviewed
CVE-2023-28318 was published May 10, 2023
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed
CVE-2024-22062 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database