GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
28 advisories
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An...
Moderate | Unreviewed | CVE-2026-42797 was published | May 26, 2026

SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
High | CVE-2026-30778 was published for org.apache.skywalking:server-core (Maven) | Apr 16, 2026

free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
High | CVE-2026-40245 was published for github.com/free5gc/udr (Go) | Apr 14, 2026

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Moderate | Unreviewed | CVE-2026-3546 was published | Mar 21, 2026

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
High | CVE-2025-69662 was published for geopandas (pip) | Jan 30, 2026

Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Low | CVE-2026-25050 was published for @vendure/core (npm) | Jan 30, 2026

AIOHTTP vulnerable to brute-force leak of internal static file path components
Low | CVE-2025-69226 was published for aiohttp (pip) | Jan 5, 2026

Unauthenticated Craft CMS users can trigger a database backup
High | CVE-2025-68456 was published for craftcms/cms (Composer) | Jan 5, 2026

phpMyFAQ has unauthenticated config backup download via /api/setup/backup
High | CVE-2025-69200 was published for thorsten/phpmyfaq (Composer) | Dec 30, 2025

DragonFly vulnerable to arbitrary file read and write on a peer machine
Moderate | CVE-2025-59352 was published for d7y.io/dragonfly/v2 (Go) | Sep 17, 2025

Possible ORM Leak Vulnerability in the Harbor
Moderate | CVE-2025-30086 was published for github.com/goharbor/harbor (Go) | Jul 23, 2025

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive...
High | Unreviewed | CVE-2025-36575 was published | Jun 10, 2025

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive...
High | Unreviewed | CVE-2025-29981 was published | Apr 2, 2025

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web...
High | Unreviewed | CVE-2024-13255 was published | Jan 9, 2025

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC)...
Moderate | Unreviewed | CVE-2024-20388 was published | Oct 23, 2024

Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve...
High | Unreviewed | CVE-2024-6400 was published | Oct 4, 2024

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the...
Moderate | Unreviewed | CVE-2024-1287 was published | Jul 30, 2024

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the...
Moderate | Unreviewed | CVE-2024-38892 was published | Jun 24, 2024

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
Moderate | Unreviewed | CVE-2024-38895 was published | Jun 24, 2024

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
Moderate | Unreviewed | CVE-2024-38897 was published | Jun 24, 2024

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive...
High | Unreviewed | CVE-2024-2088 was published | May 22, 2024

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive...
High | Unreviewed | CVE-2023-7072 was published | Mar 13, 2024

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance...
Moderate | Unreviewed | CVE-2023-20215 was published | Aug 4, 2023

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0...
Moderate | Unreviewed | CVE-2023-0785 was published | Feb 12, 2023

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote...
Moderate | Unreviewed | CVE-2021-34782 was published | May 24, 2022