GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
133,535 advisories
Filter by severity
A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a...
Moderate
Unreviewed
CVE-2025-46406
was published
Jul 10, 2025
Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could...
Moderate
Unreviewed
CVE-2025-35983
was published
Jul 10, 2025
The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File...
Moderate
Unreviewed
CVE-2025-4406
was published
Jul 10, 2025
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader...
Moderate
Unreviewed
CVE-2025-44003
was published
Jul 10, 2025
The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
Moderate
Unreviewed
CVE-2025-5807
was published
Jul 10, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-6976
was published
Jul 10, 2025
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-6975
was published
Jul 10, 2025
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on...
Moderate
Unreviewed
CVE-2025-0140
was published
Jul 10, 2025
An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital...
Moderate
Unreviewed
CVE-2025-0139
was published
Jul 10, 2025
Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive...
Moderate
Unreviewed
CVE-2025-36599
was published
Jul 9, 2025
Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome...
Moderate
Unreviewed
CVE-2025-52357
was published
Jul 9, 2025
evesys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.
Moderate
Unreviewed
CVE-2021-27961
was published
Jul 9, 2025
Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to...
Moderate
Unreviewed
CVE-2025-44525
was published
Jul 9, 2025
Jenkins Warrior Framework Plugin vulnerability exposes unencrypted passwords to certain authenticated users
Moderate
CVE-2025-53675
was published
for
org.jenkins-ci.plugins:warrior
(Maven)
Jul 9, 2025
Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form
Moderate
CVE-2025-53669
was published
for
org.jenkins-ci.plugins:vaddy-plugin
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Moderate
CVE-2025-53676
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Moderate
CVE-2025-53677
was published
for
io.jenkins.plugins:xooa
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Moderate
CVE-2025-53742
was published
for
org.jenkins-ci.plugins:pplitools-eyes
(Maven)
Jul 9, 2025
Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form
Moderate
CVE-2025-53743
was published
for
org.jenkins-ci.plugins:applitools-eyes
(Maven)
Jul 9, 2025
Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key
Moderate
CVE-2025-53655
was published
for
org.jenkins.plugins.statistics.gatherer:statistics-gatherer
(Maven)
Jul 9, 2025
Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets
Moderate
CVE-2025-53657
was published
for
org.jenkins-ci.plugins:soapui-pro-functional-testing
(Maven)
Jul 9, 2025
Jenkins QMetry Test Management Plugin stores unencrypted API keys
Moderate
CVE-2025-53659
was published
for
org.jenkins-ci.plugins:qmetry-test-management
(Maven)
Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens
Moderate
CVE-2025-53667
was published
for
org.jenkins-ci.plugins:deadmanssnitch
(Maven)
Jul 9, 2025
Jenkins Dead Man's Snitch Plugin vulnerability stores tokens in plain text
Moderate
CVE-2025-53666
was published
for
org.jenkins-ci.plugins:deadmanssnitch
(Maven)
Jul 9, 2025
Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key
Moderate
CVE-2025-53672
was published
for
io.jenkins.plugins:kryptowire
(Maven)
Jul 9, 2025
ProTip!
Advisories are also available from the
GraphQL API