Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,300
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
A flaw was found in Yelp. The Gnome user help application allows the help document to execute... Moderate Unreviewed
CVE-2025-3155 was published Apr 3, 2025
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd... Moderate Unreviewed
CVE-2024-52976 was published May 1, 2025
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This... Moderate Unreviewed
CVE-2025-33027 was published Apr 15, 2025
In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2025-33026 was published Apr 15, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-56216 was published Dec 31, 2024
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel,... Moderate Unreviewed
CVE-2024-4359 was published Aug 12, 2024
Improper Locking in JetBrains Kotlin Moderate
CVE-2022-24329 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) Feb 26, 2022
Anki Latex Incomplete Blocklist Vulnerability Moderate
CVE-2024-29073 was published for anki (pip) Jul 22, 2024
Jayy001
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access... Moderate Unreviewed
CVE-2024-5693 was published Jun 11, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-35650 was published Jun 10, 2024
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31170 was published Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31168 was published Aug 31, 2023
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace... Moderate Unreviewed
CVE-2019-16951 was published May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a... Moderate Unreviewed
CVE-2019-11742 was published May 24, 2022
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed
CVE-2023-21440 was published Feb 9, 2023
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed
CVE-2019-4263 was published May 24, 2022
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate
CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed
CVE-2018-8351 was published May 13, 2022
Command Injection in @theia/messages Moderate
CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed
CVE-2021-20843 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed
CVE-2021-29777 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be... Moderate Unreviewed
CVE-2019-17014 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database