GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,339
Erlang: 31
GitHub Actions: 22
Go: 2,099
Maven: 5,000+
npm: 3,763
NuGet: 678
pip: 3,448
Pub: 12
RubyGems: 892
Rust: 883
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
264,021 advisories
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-4875 was published May 21, 2024

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed...
Moderate | Unreviewed | CVE-2023-37006 was published Jan 22, 2025

The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when...
Moderate | Unreviewed | CVE-2024-12280 was published Jan 27, 2025

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-9861 was published Oct 17, 2024

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2024-2392 was published Mar 22, 2024

Potential DoS when using ContextLines integration
Low | GHSA-r5w7-f542-q2j4 was published for @sentry/astro (npm) Jan 28, 2025

Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate | CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025

ArgoCD Namespace Isolation Break
High | CVE-2024-13484 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 28, 2025

ismp-grandpa crate accepted incorrect signatures
Critical | CVE-2025-24800 was published for grandpa-verifier (Rust) Jan 28, 2025

Insecure Temporary File usage in github.com/golang/glog
Moderate | CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025

Apache Ambari XML External Entity injection
Moderate | CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024

Infinispan vulnerable to Insertion of Sensitive Information into Log File
Moderate | CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Moderate | CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025

CRI-O Path Traversal vulnerability
Moderate | CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025

pimcore/customer-data-framework vulnerable to SQL Injection
Moderate | CVE-2024-11956 was published for pimcore/customer-management-framework-bundle (Composer) Jan 28, 2025

Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate
Moderate | GHSA-8m8m-98c9-vw7q was published for pimcore/customer-data-framework (Composer) Jan 28, 2025 | withdrawn

Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
High | GHSA-xr3m-6gq6-22cg was published for pimcore/pimcore (Composer) Jan 28, 2025

A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS...
High | Unreviewed | CVE-2025-24159 was published Jan 28, 2025

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma...
Critical | Unreviewed | CVE-2025-24163 was published Jan 28, 2025

The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter...
Moderate | Unreviewed | CVE-2024-12723 was published Jan 28, 2025

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI...
Moderate | Unreviewed | CVE-2024-45341 was published Jan 28, 2025

Credentials provided via the new GOAUTH feature were not being properly segmented by domain,...
High | Unreviewed | CVE-2024-45340 was published Jan 28, 2025

The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of...
Moderate | Unreviewed | CVE-2024-12807 was published Jan 28, 2025

Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when...
High | Unreviewed | CVE-2025-22865 was published Jan 28, 2025

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a...
Moderate | Unreviewed | CVE-2024-45336 was published Jan 28, 2025
ProTip! Advisories are also available from the GraphQL API