GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
265,116 advisories
Tiny File Manager v2.4.7 and below is vulnerable to session fixation.
Severity: Critical (Unreviewed). CVE-2022-40916 was published Feb 6, 2025.

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of...
Severity: Low (Unreviewed). CVE-2025-22475 was published Feb 4, 2025.

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks...
Severity: High (Unreviewed). CVE-2024-39556 was published Jul 11, 2024.

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of...
Severity: Critical (Unreviewed). CVE-2024-3200 was published Jun 1, 2024.

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for...
Severity: Moderate (Unreviewed). CVE-2024-3268 was published May 21, 2024.

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's...
Severity: High (Unreviewed). CVE-2024-3518 was published May 22, 2024.

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows...
Severity: Moderate (Unreviewed). CVE-2024-20856 was published May 7, 2024.

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7....
Severity: High (Unreviewed). CVE-2023-6317 was published Apr 9, 2024.

The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x...
Severity: Moderate (Unreviewed). CVE-2015-9512 was published May 24, 2022.

The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8...
Severity: Moderate (Unreviewed). CVE-2015-9510 was published May 24, 2022.

The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x...
Severity: Moderate (Unreviewed). CVE-2015-9530 was published May 24, 2022.

The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1...
Severity: Moderate (Unreviewed). CVE-2015-9529 was published May 24, 2022.

The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1...
Severity: Moderate (Unreviewed). CVE-2015-9526 was published May 24, 2022.

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
Severity: Moderate (Unreviewed). CVE-2019-15116 was published May 24, 2022.

The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
Severity: Moderate. CVE-2024-11184 was published for mwdelaney/wp-enable-svg (Composer) Jan 2, 2025.

Jenkins discloses project names via fingerprints
Severity: High. CVE-2015-5317 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022.

Connect-CMS information that is restricted to viewing is visible
Severity: High. GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025.

Connect-CMS Access control vulnerability
Severity: Moderate. GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025.

Juju controller - Arbitrary file reading vulnerability
Severity: Moderate. CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023.

ESPHome vulnerable to remote code execution via arbitrary file write
Severity: High. CVE-2024-27081 was published for esphome (pip) Mar 1, 2024.

Connection leaking on idle timeout when TCP congested
Severity: High. CVE-2024-22201 was published for org.eclipse.jetty.http2:http2-common (Maven) Feb 26, 2024.

NodeBB Cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2024-57041 was published for nodebb (npm) Jan 24, 2025.

Umbraco Rich Text Display allows Cross-Site Scripting
Severity: Moderate. CVE-2024-55488 was published for Umbraco.Cms.Infrastructure (NuGet) Jan 22, 2025.

xml2rfc has file inclusion irregularities
Severity: Moderate. GHSA-432c-wxpg-m4q3 was published for xml2rfc (pip) Feb 7, 2025.

SFTPGo has insufficient sanitization of user provided rsync command
Severity: High. CVE-2025-24366 was published for github.com/drakkan/sftpgo (Go) Feb 7, 2025.
ProTip! Advisories are also available from the GraphQL API.