Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,300
NuGet
760
pip
4,078
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

369 advisories

Loading
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to,... Moderate Unreviewed
CVE-2025-12747 was published Nov 21, 2025
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is... Moderate Unreviewed
CVE-2025-12894 was published Nov 21, 2025
Tanium addressed an arbitrary file deletion vulnerability in TanOS. Moderate Unreviewed
CVE-2025-13225 was published Nov 19, 2025
IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due... Moderate Unreviewed
CVE-2025-33150 was published Nov 10, 2025
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and... Moderate Unreviewed
CVE-2025-58152 was published Oct 31, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used Moderate
GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) Oct 28, 2025
katexochen tjade273
Credited to katexochen and tjade273
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 daniel-weisse
msanft katexochen
Credited to tjade273, daniel-weisse, msanft, and katexochen
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories Moderate
CVE-2025-11965 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
HCL Unica Platform is affected by unprotected files due to improper access controls.  These... Moderate Unreviewed
CVE-2025-31996 was published Oct 13, 2025
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an... Moderate Unreviewed
CVE-2025-11371 was published Oct 9, 2025
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space... High Unreviewed
CVE-2025-59976 was published Oct 9, 2025
Apache Kylin Files or Directories Accessible to External Parties High
CVE-2025-61734 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated... Moderate Unreviewed
CVE-2025-37130 was published Sep 17, 2025
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on... High Unreviewed
CVE-2025-3025 was published Sep 15, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2025-9273 was published Sep 2, 2025
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier... Moderate Unreviewed
CVE-2025-52460 was published Aug 28, 2025
Liferay Portal's unauthenticated users can access loaded files via URL before submitting the object entry Moderate
CVE-2025-43758 was published for com.liferay:com.liferay.frontend.js.web (Maven) Aug 22, 2025
MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an... Moderate Unreviewed
CVE-2025-51818 was published Aug 21, 2025
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose... High Unreviewed
CVE-2009-10005 was published Aug 20, 2025
Liferay Portal Unauthenticated File Access via URL Moderate
CVE-2025-43749 was published for com.liferay.portal:release.portal.bom (Maven) Aug 20, 2025
NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate... High Unreviewed
CVE-2025-23276 was published Aug 3, 2025
Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories... Moderate Unreviewed
CVE-2025-30103 was published Jul 30, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience... High Unreviewed
CVE-2025-34139 was published Jul 25, 2025
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui... High Unreviewed
CVE-2023-41566 was published Jul 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database