Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10,566 advisories

Loading
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3513 was published May 2, 2025
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form... Low Unreviewed
CVE-2025-3514 was published May 2, 2025
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of... Low Unreviewed
CVE-2024-13381 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3502 was published May 1, 2025
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings,... Low Unreviewed
CVE-2025-3504 was published May 1, 2025
Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Low Unreviewed
CVE-2023-37517 was published May 1, 2025
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the... Low Unreviewed
CVE-2024-47784 was published Apr 30, 2025
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on... Low Unreviewed
CVE-2025-3301 was published Apr 29, 2025
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of... Low Unreviewed
CVE-2024-12273 was published Apr 29, 2025
When a Web User without Create permission on subfolders attempts to upload a file to a non... Low Unreviewed
CVE-2025-0049 was published Apr 28, 2025
In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL... Low Unreviewed
CVE-2025-46614 was published Apr 28, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Low Unreviewed
CVE-2024-12706 was published Apr 28, 2025
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Low Unreviewed
CVE-2023-35816 was published Apr 28, 2025
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on... Low Unreviewed
CVE-2023-35815 was published Apr 28, 2025
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Low Unreviewed
CVE-2023-35814 was published Apr 28, 2025
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper... Low Unreviewed
CVE-2025-23376 was published Apr 28, 2025
The device’s passwords have not been adequately salted, making them vulnerable to password... Low Unreviewed
CVE-2025-32471 was published Apr 28, 2025
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings... Low Unreviewed
CVE-2024-9771 was published Apr 28, 2025
The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not... Low Unreviewed
CVE-2025-0627 was published Apr 28, 2025
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF... Low Unreviewed
CVE-2025-2866 was published Apr 27, 2025
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a... Low Unreviewed
CVE-2024-52887 was published Apr 27, 2025
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to... Low Unreviewed
CVE-2025-46675 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended... Low Unreviewed
CVE-2025-46674 was published Apr 27, 2025
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially... Low Unreviewed
CVE-2025-46672 was published Apr 27, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Low Unreviewed
CVE-2025-46618 was published Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database