GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,331
Erlang: 31
GitHub Actions: 21
Go: 2,093
Maven: 5,000+
npm: 3,756
NuGet: 678
pip: 3,443
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
122,146 advisories
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes
Moderate: CVE-2025-24011 was published for Umbraco.Cms (NuGet) on Jan 21, 2025

MathLive's Lack of Escaping of HTML allows for XSS
Moderate: GHSA-qwj6-q94f-8425 was published for mathlive (npm) on Jan 21, 2025

Missing validation of header name and value in codeigniter4/framework
Moderate: CVE-2025-24013 was published for codeigniter4/framework (Composer) on Jan 21, 2025

gix-worktree-state nonexclusive checkout sets executable files world-writable
Moderate: CVE-2025-22620 was published for gix-worktree-state (Rust) on Jan 21, 2025

Use of Insufficiently Random Values in undici
Moderate: CVE-2025-22150 was published for undici (npm) on Jan 21, 2025

Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
Moderate: CVE-2025-22131 was published for phpoffice/phpspreadsheet (Composer) on Jan 21, 2025

Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Moderate: CVE-2024-10846 was published for github.com/compose-spec/compose-go/v2 (Go) on Jan 21, 2025

XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Moderate: CVE-2025-24012 was published for @umbraco-cms/backoffice (npm) on Jan 21, 2025

Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Moderate: CVE-2025-23221 was published for @fedify/fedify (npm) on Jan 21, 2025

Websites were able to send any requests to the development server and read the response in vite
Moderate: CVE-2025-24010 was published for vite (npm) on Jan 21, 2025

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
Moderate, Unreviewed: CVE-2025-24459 was published on Jan 21, 2025

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
Moderate, Unreviewed: CVE-2025-24457 was published on Jan 21, 2025

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper...
Moderate, Unreviewed: CVE-2025-24461 was published on Jan 21, 2025

In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in...
Moderate, Unreviewed: CVE-2025-24460 was published on Jan 21, 2025

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication...
Moderate, Unreviewed: CVE-2025-24456 was published on Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed: CVE-2025-22661 was published on Jan 21, 2025

Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting...
Moderate, Unreviewed: CVE-2025-22722 was published on Jan 21, 2025

Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and...
Moderate, Unreviewed: CVE-2025-22721 was published on Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed: CVE-2025-22276 was published on Jan 21, 2025

Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request...
Moderate, Unreviewed: CVE-2025-23996 was published on Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed: CVE-2025-22267 was published on Jan 21, 2025

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user...
Moderate, Unreviewed: CVE-2024-54792 was published on Jan 21, 2025

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create...
Moderate, Unreviewed: CVE-2024-54795 was published on Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed: CVE-2025-22262 was published on Jan 21, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate, Unreviewed: CVE-2025-22732 was published on Jan 21, 2025

ProTip! Advisories are also available from the GraphQL API.