GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,714
Erlang: 34
GitHub Actions: 28
Go: 2,297
Maven: 5,000+
npm: 3,942
NuGet: 708
pip: 3,711
Pub: 12
RubyGems: 920
Rust: 959
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
257 advisories
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as...
Severity: Low | Unreviewed | CVE-2025-4839 was published May 18, 2025
SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS)...
Severity: High | Unreviewed | CVE-2025-46737 was published May 12, 2025
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other...
Severity: High | Unreviewed | CVE-2025-3462 was published May 9, 2025
A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统...
Severity: Low | Unreviewed | CVE-2025-4542 was published May 11, 2025
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2....
Severity: Moderate | Unreviewed | CVE-2025-4515 was published May 10, 2025
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block...
Severity: Moderate | Unreviewed | CVE-2020-11868 was published May 24, 2022
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local...
Severity: Moderate | Unreviewed | CVE-2025-43929 was published Apr 20, 2025
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with...
Severity: Critical | Unreviewed | CVE-2017-6519 was published May 13, 2022
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below...
Severity: Critical | Unreviewed | CVE-2025-3651 was published Apr 17, 2025
When viewing an email message A, which contains an attached message B, where B is encrypted or...
Severity: Moderate | Unreviewed | CVE-2022-1520 was published Dec 22, 2022
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have...
Severity: Moderate | Unreviewed | CVE-2022-22757 was published Dec 22, 2022
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking...
Severity: High | Unreviewed | CVE-2022-42927 was published Dec 22, 2022
The Performance API did not properly hide the fact whether a request cross-origin resource has...
Severity: Moderate | Unreviewed | CVE-2022-29915 was published Dec 22, 2022
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a...
Severity: Moderate | Unreviewed | CVE-2025-3071 was published Apr 2, 2025
Plex Media Server 1.21 and before is vulnerable to a DDoS reflection attack via the Plex service.
Severity: High | Unreviewed | CVE-2021-33959 was published Jan 18, 2023
A code execution vulnerability exists in the Xiaomi shop application product. The vulnerability is...
Severity: Moderate | Unreviewed | CVE-2024-45354 was published Mar 27, 2025
An intent redirection vulnerability exists in the Xiaomi quick App framework application product....
Severity: Moderate | Unreviewed | CVE-2024-45353 was published Mar 27, 2025
A code execution vulnerability exists in the Xiaomi smarthome application product. The...
Severity: High | Unreviewed | CVE-2024-45352 was published Mar 27, 2025
Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0...
Severity: Moderate | Unreviewed | CVE-2023-0132 was published Jan 10, 2023
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This...
Severity: High | Unreviewed | CVE-2024-8024 was published Mar 20, 2025
A CORS misconfiguration in danswer-ai/danswer v1.4.1 allows attackers to steal sensitive...
Severity: High | Unreviewed | CVE-2024-7819 was published Mar 20, 2025
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious...
Severity: Moderate | Unreviewed | CVE-2025-23117 was published Mar 1, 2025
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or...
Severity: Moderate | Unreviewed | CVE-2025-1102 was published Feb 12, 2025
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0....
Severity: Low | Unreviewed | CVE-2025-1083 was published Feb 7, 2025
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and...
Severity: Moderate | Unreviewed | CVE-2023-2445 was published May 2, 2023
ProTip! Advisories are also available from the GraphQL API.