GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 40
  GitHub Actions: 40
  Go: 2,974
  Maven: 5,000+
  npm: 4,621
  NuGet: 788
  pip: 4,317
  Pub: 12
  RubyGems: 984
  Rust: 1,131
  Swift: 49
Unreviewed advisories
  All unreviewed: 5,000+
173 advisories
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups...
  Moderate | Unreviewed | CVE-2020-24312 was published May 24, 2022
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent...
  Moderate | Unreviewed | CVE-2024-29225 was published Apr 4, 2024
OpenStack Swift XML external entities (XXE) Injection
  Moderate | CVE-2022-47950 was published for swift (pip) Jan 18, 2023
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web...
  Moderate | Unreviewed | CVE-2024-13126 was published Mar 16, 2025
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
  Moderate | CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
The sourceMapURL feature in devtools was missing security checks that would have allowed a...
  Moderate | Unreviewed | CVE-2022-28283 was published Dec 22, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an...
  Moderate | Unreviewed | CVE-2022-23738 was published Nov 1, 2022
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
  Moderate | CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as...
  Moderate | Unreviewed | CVE-2025-2038 was published Mar 6, 2025
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear...
  Moderate | Unreviewed | CVE-2025-2651 was published Mar 23, 2025
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with...
  Moderate | Unreviewed | CVE-2024-22240 was published Feb 6, 2024
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
  Moderate | Unreviewed | CVE-2022-3287 was published Sep 29, 2022
A vulnerability classified as critical was found in SourceCodester Client Database Management...
  Moderate | Unreviewed | CVE-2025-4909 was published May 19, 2025
Markdownify MCP Server allows attackers to read arbitrary files
  Moderate | CVE-2025-5273 was published for mcp-markdownify-server (npm) May 29, 2025
The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with...
  Moderate | Unreviewed | CVE-2025-4634 was published May 30, 2025
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when...
  Moderate | Unreviewed | CVE-2025-0620 was published Jun 6, 2025
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which...
  Moderate | Unreviewed | CVE-2024-8031 was published May 15, 2025
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation...
  Moderate | Unreviewed | CVE-2023-52112 was published Jan 16, 2024
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories...
  Moderate | Unreviewed | CVE-2025-30103 was published Jul 30, 2025
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an...
  Moderate | Unreviewed | CVE-2025-51818 was published Aug 21, 2025
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry
  Moderate | CVE-2025-43758 was published for com.liferay:com.liferay.frontend.js.web (Maven) Aug 22, 2025
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier...
  Moderate | Unreviewed | CVE-2025-52460 was published Aug 28, 2025
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability...
  Moderate | Unreviewed | CVE-2025-9273 was published Sep 2, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder
  Moderate | CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated...
  Moderate | Unreviewed | CVE-2025-37130 was published Sep 17, 2025
ProTip! Advisories are also available from the GraphQL API.