GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
122,243 advisories
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs...
Moderate
Unreviewed
CVE-2025-4955
was published
Jun 18, 2025
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before...
Moderate
Unreviewed
CVE-2025-49176
was published
Jun 17, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote ...
Moderate
Unreviewed
CVE-2025-22490
was published
Jun 6, 2025
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify...
Moderate
Unreviewed
CVE-2024-12088
was published
Jan 14, 2025
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers...
Moderate
Unreviewed
CVE-2022-28975
was published
Jan 9, 2024
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker...
Moderate
Unreviewed
CVE-2023-27000
was published
Jan 9, 2024
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
Moderate
Unreviewed
CVE-2023-50093
was published
Jan 3, 2024
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download)...
Moderate
Unreviewed
CVE-2023-50344
was published
Jan 3, 2024
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an...
Moderate
Unreviewed
CVE-2025-20234
was published
Jun 18, 2025
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0...
Moderate
Unreviewed
CVE-2025-1348
was published
Jun 18, 2025
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0...
Moderate
Unreviewed
CVE-2025-1349
was published
Jun 18, 2025
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0...
Moderate
Unreviewed
CVE-2024-54183
was published
Jun 18, 2025
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0...
Moderate
Unreviewed
CVE-2024-54172
was published
Jun 18, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote ...
Moderate
Unreviewed
CVE-2025-29877
was published
Jun 6, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote ...
Moderate
Unreviewed
CVE-2025-29873
was published
Jun 6, 2025
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote ...
Moderate
Unreviewed
CVE-2025-29876
was published
Jun 6, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-50443
was published
Oct 28, 2024
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect...
Moderate
Unreviewed
CVE-2023-6627
was published
Jan 8, 2024
The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to...
Moderate
Unreviewed
CVE-2023-6529
was published
Jan 8, 2024
When a transaction is committed, C Xenstored will first check the quota is correct before...
Moderate
Unreviewed
CVE-2023-34323
was published
Jan 5, 2024
SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2024-40570
was published
Jun 17, 2025
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows...
Moderate
Unreviewed
CVE-2025-43699
was published
Jun 10, 2025
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the...
Moderate
Unreviewed
CVE-2023-49557
was published
Jan 3, 2024
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating...
Moderate
Unreviewed
CVE-2023-6000
was published
Jan 1, 2024
A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute...
Moderate
Unreviewed
CVE-2025-45661
was published
Jun 18, 2025
ProTip! Advisories are also available from the GraphQL API.