GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,476
Erlang: 33
GitHub Actions: 24
Go: 2,207
Maven: 5,000+
npm: 3,858
NuGet: 696
pip: 3,639
Pub: 12
RubyGems: 913
Rust: 918
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
249,665 advisories
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection...
Severity: Unknown | Unreviewed | CVE-2025-28090 was published Mar 29, 2025
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled...
Severity: Unknown | Unreviewed | CVE-2025-28089 was published Mar 29, 2025
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
Severity: Unknown | Unreviewed | CVE-2025-28091 was published Mar 29, 2025
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
Severity: Unknown | Unreviewed | CVE-2025-28092 was published Mar 29, 2025
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
Severity: Unknown | Unreviewed | CVE-2025-28093 was published Mar 29, 2025
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
Severity: Unknown | Unreviewed | CVE-2025-28094 was published Mar 29, 2025
Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
Severity: Unknown | Unreviewed | CVE-2025-28087 was published Mar 29, 2025
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have...
Severity: High | Unreviewed | CVE-2024-58130 was published Mar 29, 2025
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without...
Severity: Moderate | Unreviewed | CVE-2024-58128 was published Mar 29, 2025
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e.,...
Severity: Moderate | Unreviewed | CVE-2024-58129 was published Mar 29, 2025
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
Severity: Unknown | Unreviewed | CVE-2025-25579 was published Mar 29, 2025
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker...
Severity: Unknown | Unreviewed | CVE-2025-28254 was published Mar 28, 2025
InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code...
Severity: Unknown | Unreviewed | CVE-2024-56975 was published Mar 28, 2025
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of...
Severity: Unknown | Unreviewed | CVE-2024-57083 was published Mar 28, 2025
A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API...
Severity: Moderate | Unreviewed | CVE-2024-6875 was published Mar 28, 2025
A SQL injection vulnerability exists in the Epicor HCM 2021 1.9, specifically in the filter...
Severity: Unknown | Unreviewed | CVE-2025-22953 was published Mar 28, 2025
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical....
Severity: Moderate | Unreviewed | CVE-2025-2927 was published Mar 28, 2025
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary...
Severity: Unknown | Unreviewed | CVE-2025-28256 was published Mar 28, 2025
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This...
Severity: Moderate | Unreviewed | CVE-2025-2925 was published Mar 28, 2025
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects...
Severity: Moderate | Unreviewed | CVE-2025-2926 was published Mar 28, 2025
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This...
Severity: Moderate | Unreviewed | CVE-2025-2924 was published Mar 28, 2025
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype...
Severity: Unknown | Unreviewed | CVE-2024-38985 was published Mar 28, 2025
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports...
Severity: Unknown | Unreviewed | CVE-2024-38988 was published Mar 28, 2025
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary...
Severity: Unknown | Unreviewed | CVE-2024-24292 was published Mar 28, 2025
A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this...
Severity: Low | Unreviewed | CVE-2025-2922 was published Mar 28, 2025
Advisories are also available from the GraphQL API.