Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

101,880 advisories

Loading
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the ... High Unreviewed
CVE-2024-12404 was published Jan 11, 2025
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can... High Unreviewed
CVE-2024-42168 was published Jan 11, 2025
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access... High Unreviewed
CVE-2024-42169 was published Jan 11, 2025
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin... High Unreviewed
CVE-2024-12627 was published Jan 11, 2025
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables... High Unreviewed
CVE-2025-0104 was published Jan 11, 2025
Specially constructed queries cause cross platform scripting leaking administrator tokens High Unreviewed
CVE-2024-9188 was published Jan 11, 2025
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced... High Unreviewed
CVE-2024-9134 was published Jan 11, 2025
Backup uploads to ETM subject to man-in-the-middle interception High Unreviewed
CVE-2024-47519 was published Jan 11, 2025
A user with advanced report application access rights can perform actions for which they are not... High Unreviewed
CVE-2024-47520 was published Jan 11, 2025
A user with administrator privileges can perform command injection High Unreviewed
CVE-2024-9131 was published Jan 11, 2025
The administrator is able to configure an insecure captive portal script High Unreviewed
CVE-2024-9132 was published Jan 11, 2025
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery ... High Unreviewed
CVE-2024-6662 was published Jan 10, 2025
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized... High Unreviewed
CVE-2025-21385 was published Jan 10, 2025
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose... High Unreviewed
CVE-2025-21380 was published Jan 10, 2025
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user... High Unreviewed
CVE-2024-46464 was published Jan 10, 2025
Vaultwarden vulnerable to user impersonation High
CVE-2024-55225 was published for vaultwarden (Rust) Jan 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross... High Unreviewed
CVE-2024-13260 was published Jan 9, 2025
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable... High Unreviewed
CVE-2024-13276 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This... High Unreviewed
CVE-2024-13282 was published Jan 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request... High Unreviewed
CVE-2024-13284 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful... High Unreviewed
CVE-2024-13291 was published Jan 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request... High Unreviewed
CVE-2024-13244 was published Jan 9, 2025
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful... High Unreviewed
CVE-2024-13256 was published Jan 9, 2025
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege... High Unreviewed
CVE-2024-13251 was published Jan 9, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross... High Unreviewed
CVE-2024-13250 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database