GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,372
Composer 4,669
Erlang 34
GitHub Actions 26
Go 2,261
Maven 5,512
npm 3,910
NuGet 704
pip 3,680
Pub 12
RubyGems 915
Rust 943
Swift 38

Unreviewed advisories

All unreviewed 253,321

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

11,853 advisories

Filter by severity

Sort by

Least recently updated

In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to... Low Unreviewed

CVE-2025-46675 was published Apr 27, 2025

NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially... Low Unreviewed

CVE-2025-46672 was published Apr 27, 2025

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended... Low Unreviewed

CVE-2025-46674 was published Apr 27, 2025

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as ... Low Unreviewed

CVE-2025-46656 was published Apr 27, 2025

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent... Low Unreviewed

CVE-2025-46653 was published Apr 26, 2025

Moodle has a CSRF risk in Brickfield tool's analysis request action Low

CVE-2025-3638 was published for moodle/moodle (Composer) Apr 25, 2025

Moodle has a CSRF risk in user tours manager that allows tour duplication Low

CVE-2025-3635 was published for moodle/moodle (Composer) Apr 25, 2025

Moodle's mod_data edit/delete pages pass CSRF token in GET parameter Low

CVE-2025-3637 was published for moodle/moodle (Composer) Apr 25, 2025

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed

CVE-2025-46618 was published Apr 25, 2025

Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically... Low Unreviewed

CVE-2024-57375 was published Apr 25, 2025

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an... Low Unreviewed

CVE-2025-46546 was published Apr 25, 2025

Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed

CVE-2024-30127 was published Apr 24, 2025

Missing "no cache" headers in HCL Leap permits user directory information to be cached. Low Unreviewed

CVE-2023-37516 was published Apr 24, 2025

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring... Low Unreviewed

CVE-2024-30114 was published Apr 24, 2025

Mattermost Playbooks fails to properly validate permissions Low

CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information... Low Unreviewed

CVE-2025-25046 was published Apr 24, 2025

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed

CVE-2024-58251 was published Apr 23, 2025

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through... Low Unreviewed

CVE-2025-46394 was published Apr 23, 2025

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled ... Low Unreviewed

CVE-2025-46393 was published Apr 23, 2025

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after... Low Unreviewed

CVE-2025-43965 was published Apr 23, 2025

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an... Low Unreviewed

CVE-2025-23253 was published Apr 22, 2025

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may... Low Unreviewed

CVE-2025-2987 was published Apr 22, 2025

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415 Low

GHSA-5w6v-399v-w3cc was published for nokogiri (RubyGems) Apr 21, 2025

Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Low Unreviewed

CVE-2025-2517 was published Apr 21, 2025

OpenCMS Cross-Site Scripting vulnerability Low

CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025

Previous 1 2 3 4 5 … 399 400 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

11,853 advisories