Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Symfony HTTP Foundation web cache poisoning Moderate
CVE-2018-14773 was published for symfony/http-foundation (Composer) May 13, 2022
llupa Credited to llupa
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed
CVE-2023-3749 was published Aug 3, 2023
AsyncSSH Rogue Extension Negotiation Moderate
CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor Credited to TrueSkrillor and lambdafu lambdafu lambdafu
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability Moderate
CVE-2023-5548 was published for moodle/moodle (Composer) Nov 9, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode... Moderate Unreviewed
CVE-2023-51655 was published Dec 21, 2023
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5... Moderate Unreviewed
CVE-2024-3367 was published Apr 16, 2024
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk Credited to Arusekk
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed
CVE-2024-27185 was published Aug 20, 2024
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via... Moderate Unreviewed
CVE-2024-52555 was published Nov 15, 2024
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson Credited to sethmlarson and sirosen sirosen sirosen
A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated,... Moderate Unreviewed
CVE-2025-20255 was published May 21, 2025
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an... Moderate Unreviewed
CVE-2025-48804 was published Jul 8, 2025
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in... Moderate Unreviewed
CVE-2025-11703 was published Oct 18, 2025
NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack... Moderate Unreviewed
CVE-2025-11411 was published Oct 22, 2025
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote... Moderate Unreviewed
CVE-2025-68269 was published Dec 16, 2025
OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders Moderate
GHSA-rxmx-g7hr-8mx4 was published for openclaw (npm) Apr 7, 2026
D0ub1e-D Credited to D0ub1e-D
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database