Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,558
Maven
5,000+
npm
4,232
NuGet
751
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is... High Unreviewed
CVE-2019-11770 was published May 24, 2022
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a... High Unreviewed
CVE-2019-13263 was published May 24, 2022
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a... High Unreviewed
CVE-2020-15892 was published May 24, 2022
Publify `guest` role users can self-register even when the admin does not allow it Moderate
CVE-2021-25973 was published for publify_core (RubyGems) Nov 3, 2021
oliverchang
Credited to oliverchang
containerd-shim API Exposed to Host Network Containers Moderate
CVE-2020-15257 was published for github.com/containerd/containerd (Go) May 24, 2021
ChaosData
Credited to ChaosData
Moby's external DNS requests from 'internal' networks could lead to data exfiltration Moderate
CVE-2024-29018 was published for github.com/docker/docker (Go) Mar 20, 2024
robmry akerouanton
neersighted gabriellavengeo cibofo
Credited to robmry, akerouanton, neersighted, gabriellavengeo, and cibofo
FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV)... High Unreviewed
CVE-2012-2979 was published Apr 23, 2022
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without... High Unreviewed
CVE-2019-1020011 was published May 24, 2022
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side... High Unreviewed
CVE-2018-17791 was published May 24, 2022
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Critical Unreviewed
CVE-2022-4446 was published Dec 13, 2022
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in... Moderate Unreviewed
CVE-2023-22950 was published Apr 13, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... Critical Unreviewed
CVE-2023-31114 was published Jun 7, 2023
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.... High Unreviewed
CVE-2023-31115 was published Jun 7, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44104 was published Oct 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of... High Unreviewed
CVE-2023-44100 was published Oct 11, 2023
yt-dlp File system modification and RCE through improper file-extension sanitization High
CVE-2024-38519 was published for yt-dlp (pip) Jul 2, 2024
pukkandan JarLob
Grub4K
Credited to pukkandan, JarLob, and Grub4K
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use... Moderate Unreviewed
CVE-2024-42158 was published Jul 30, 2024
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects Moderate
CVE-2024-37891 was published for urllib3 (pip) Jun 17, 2024
pquentin illia-v
G-Rath
Credited to pquentin, illia-v, and G-Rath
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX... Moderate Unreviewed
CVE-2017-14013 was published May 13, 2022
@misskey-dev/summaly Redirect Filter Bypass Low
CVE-2025-46553 was published for @misskey-dev/summaly (npm) May 5, 2025
warriordog
Credited to warriordog
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that... High Unreviewed
CVE-2025-41645 was published May 13, 2025
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization High
GHSA-22fp-mf44-f2mq was published for youtube-dl (pip) Apr 18, 2025
pukkandan JarLob
Grub4K dirkf rhdesmond
Credited to pukkandan, JarLob, Grub4K, dirkf, and rhdesmond
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL... Moderate Unreviewed
CVE-2025-54310 was published Jul 18, 2025
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts... Low Unreviewed
CVE-2025-54352 was published Jul 21, 2025
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the... Low Unreviewed
CVE-2025-54956 was published Aug 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database