Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

195 advisories

Loading
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with... Critical Unreviewed
CVE-2025-40547 was published Nov 18, 2025
A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This... High Unreviewed
CVE-2025-11085 was published Nov 11, 2025
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft... Low Unreviewed
CVE-2024-42332 was published Nov 27, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an... Critical Unreviewed
CVE-2024-38475 was published Jul 1, 2024
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when... Moderate Unreviewed
CVE-2025-6429 was published Jun 26, 2025
Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker... Moderate Unreviewed
CVE-2025-4084 was published Apr 29, 2025
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core ... Moderate Unreviewed
CVE-2025-32072 was published Apr 11, 2025
During an address list folding when a separating comma ends up on a folded line and that line is... Low Unreviewed
CVE-2025-1795 was published Feb 28, 2025
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially... High Unreviewed
CVE-2022-39958 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP... Critical Unreviewed
CVE-2022-39956 was published Sep 21, 2022
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can... High Unreviewed
CVE-2022-39957 was published Sep 21, 2022
A malicious page could have used the type attribute of an OBJECT tag to override the default... Moderate Unreviewed
CVE-2025-11712 was published Oct 14, 2025
There is a Denial of Service(DoS)vulnerability in the ZTE MC889A Pro product. Due to insufficient... Moderate Unreviewed
CVE-2025-46583 was published Oct 27, 2025
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing... Critical Unreviewed
CVE-2022-42948 was published Mar 24, 2023
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15... Moderate Unreviewed
CVE-2022-24682 was published Feb 10, 2022
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into... High Unreviewed
CVE-2025-11713 was published Oct 14, 2025
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize... High Unreviewed
CVE-2025-55903 was published Oct 10, 2025
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2025-0607 was published Oct 6, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-46703 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-57880 was published Sep 19, 2025
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension... Moderate Unreviewed
CVE-2025-48007 was published Sep 19, 2025
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible... High Unreviewed
CVE-2024-34739 was published Aug 16, 2024
In multiple locations, there is a possible way to access content across user profiles due to URI... Moderate Unreviewed
CVE-2025-0083 was published Aug 27, 2025
An unauthenticated local attacker can gain admin privileges by deploying a config file due to... High Unreviewed
CVE-2024-45271 was published Oct 15, 2024
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33... Moderate Unreviewed
CVE-2024-40088 was published Oct 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database