Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,721
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,946
NuGet
711
pip
3,719
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

144 advisories

Loading
Error handling for script execution was incorrectly isolated from web content, which could have... Moderate Unreviewed
CVE-2025-5263 was published May 27, 2025
A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2.... Moderate Unreviewed
CVE-2025-4515 was published May 10, 2025
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local... Moderate Unreviewed
CVE-2025-43929 was published Apr 20, 2025
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a... Moderate Unreviewed
CVE-2025-3071 was published Apr 2, 2025
A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is... Moderate Unreviewed
CVE-2024-45354 was published Mar 27, 2025
An intent redriction vulnerability exists in the Xiaomi quick App framework application product.... Moderate Unreviewed
CVE-2024-45353 was published Mar 27, 2025
An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious... Moderate Unreviewed
CVE-2025-23117 was published Mar 1, 2025
A CWE-346 "Origin Validation Error" in the CORS configuration in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1102 was published Feb 12, 2025
Vulnerability in the Oracle Communications Order and Service Management product of Oracle... Moderate Unreviewed
CVE-2025-21542 was published Jan 21, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2025-21497 was published Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Moderate Unreviewed
CVE-2024-21245 was published Jan 21, 2025
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited... Moderate Unreviewed
CVE-2024-7322 was published Jan 15, 2025
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0... Moderate Unreviewed
CVE-2023-46715 was published Jan 14, 2025
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the... Moderate Unreviewed
CVE-2025-23109 was published Jan 11, 2025
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests... Moderate Unreviewed
CVE-2024-56170 was published Dec 18, 2024
A cookie management issue was addressed with improved state management. This issue is fixed in... Moderate Unreviewed
CVE-2024-44212 was published Dec 12, 2024
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2.... Moderate Unreviewed
CVE-2024-54490 was published Dec 12, 2024
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. Moderate Unreviewed
CVE-2024-45495 was published Nov 29, 2024
An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 allows attackers to cause... Moderate Unreviewed
CVE-2024-51072 was published Nov 22, 2024
An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2024-51037 was published Nov 15, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL... Moderate Unreviewed
CVE-2024-10460 was published Oct 29, 2024
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of... Moderate Unreviewed
CVE-2024-44187 was published Sep 17, 2024
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed... Moderate Unreviewed
CVE-2024-7978 was published Aug 21, 2024
There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate... Moderate Unreviewed
CVE-2024-22062 was published Jul 9, 2024
Lack of validation of origin in federation API in Conduit, allowing any remote server to... Moderate Unreviewed
CVE-2024-6301 was published Jun 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database