GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
57 advisories
Certain configuration available in the communication channel for encoders could expose sensitive...
Moderate, Unreviewed: CVE-2024-22388 was published Feb 7, 2024

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused...
Moderate, Unreviewed: CVE-2024-30124 was published Oct 23, 2024

OpenStack Nova uses insecure keystone middleware tmpdir by default
Moderate: CVE-2013-2030 was published for python-keystoneclient (pip) May 17, 2022

Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers...
Moderate, Unreviewed: CVE-2024-48122 was published Jan 15, 2025

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users...
Moderate, Unreviewed: CVE-2024-0387 was published Feb 26, 2024

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects...
Moderate, Unreviewed: CVE-2025-2129 was published Mar 9, 2025

An unauthenticated remote attacker can gain limited information of the PLC network but the user...
Moderate, Unreviewed: CVE-2024-41975 was published Mar 18, 2025

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have...
Moderate, Unreviewed: CVE-2025-27809 was published Mar 25, 2025

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource...
Moderate, Unreviewed: CVE-2025-29985 was published Apr 8, 2025

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Moderate, Unreviewed: CVE-2025-2441 was published Apr 9, 2025

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Moderate, Unreviewed: CVE-2025-2442 was published Apr 9, 2025

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting...
Moderate, Unreviewed: CVE-2017-5491 was published May 13, 2022

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before...
Moderate, Unreviewed: CVE-2021-33130 was published May 13, 2022

CNCF K3s Kubernetes kubelet configuration exposes credentials
Moderate: CVE-2025-46599 was published for github.com/k3s-io/k3s (Go) Apr 25, 2025

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an...
Moderate, Unreviewed: CVE-2023-48733 was published Feb 15, 2024

In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign...
Moderate, Unreviewed: CVE-2021-47343 was published May 21, 2024

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Moderate: CVE-2025-53602 was published for io.zipkin:zipkin-server (Maven) Jul 4, 2025

Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
Moderate: CVE-2024-26267 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept...
Moderate, Unreviewed: CVE-2025-32330 was published Sep 4, 2025

During a short time frame while the device is booting an unauthenticated remote attacker can send...
Moderate, Unreviewed: CVE-2025-41713 was published Sep 15, 2025

Liferay has Insecure Default Initialization of Resource issue
Moderate: CVE-2025-43797 was published for com.liferay:com.liferay.site.admin.web (Maven) Sep 16, 2025

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with...
Moderate, Unreviewed: CVE-2025-41245 was published Sep 29, 2025

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user...
Moderate, Unreviewed: CVE-2024-9949 was published Oct 23, 2024

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix...
Moderate, Unreviewed: CVE-2022-49099 was published Oct 14, 2025

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap...
Moderate, Unreviewed: CVE-2025-48927 was published May 28, 2025