Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

420 advisories

Loading
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11... Moderate Unreviewed
CVE-2025-54562 was published Nov 14, 2025
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k kmzs
Credited to sbstn-k and kmzs
A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected... Moderate Unreviewed
CVE-2025-40760 was published Nov 11, 2025
Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error... Moderate Unreviewed
CVE-2025-61959 was published Oct 30, 2025
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4:... Moderate Unreviewed
CVE-2025-12365 was published Oct 27, 2025
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course... Moderate Unreviewed
CVE-2025-62397 was published Oct 23, 2025
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers Moderate
GHSA-xvp7-8vm8-xfxx was published for @actual-app/sync-server (npm) Oct 20, 2025
StoobertB
Credited to StoobertB
ibexa/user login enumerates user accounts Moderate
GHSA-q3x8-6898-23g3 was published for ibexa/user (Composer) Oct 17, 2025
Generation of error message containing sensitive information in Windows USB Video Driver allows... Moderate Unreviewed
CVE-2025-55676 was published Oct 14, 2025
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes... Low Unreviewed
CVE-2025-31998 was published Oct 12, 2025
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function Moderate
CVE-2025-54291 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Dell Crypto-J generates an error message that includes sensitive information about its... Moderate Unreviewed
CVE-2025-26333 was published Sep 25, 2025
Generation of error message containing sensitive information in Windows Kernel allows an... Moderate Unreviewed
CVE-2025-53803 was published Sep 9, 2025
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting Moderate
CVE-2025-43776 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 9, 2025
TYPO3 CMS exposes sensitive information in an error message Moderate
CVE-2025-59016 was published for typo3/cms-core (Composer) Sep 9, 2025
Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate
CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a... Moderate Unreviewed
CVE-2025-48562 was published Sep 4, 2025
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain... High Unreviewed
CVE-2025-36003 was published Aug 28, 2025
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0... Moderate Unreviewed
CVE-2025-9229 was published Aug 20, 2025
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under... Moderate Unreviewed
CVE-2025-52619 was published Aug 16, 2025
OMERO.web displays unecessary user information when requesting password reset Moderate
CVE-2025-54791 was published for omero-web (pip) Aug 13, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Low Unreviewed
CVE-2024-41984 was published Aug 12, 2025
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >=... Moderate Unreviewed
CVE-2024-41983 was published Aug 12, 2025
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part... Moderate Unreviewed
CVE-2025-8852 was published Aug 11, 2025
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python... High Unreviewed
CVE-2025-23320 was published Aug 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database