Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,633
Erlang
34
GitHub Actions
25
Go
2,239
Maven
5,000+
npm
3,902
NuGet
701
pip
3,668
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

586 advisories

Loading
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an... Moderate Unreviewed
CVE-2024-11084 was published Apr 15, 2025
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered... Moderate Unreviewed
CVE-2025-0361 was published Apr 8, 2025
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive... Moderate Unreviewed
CVE-2024-51477 was published Mar 29, 2025
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow... High Unreviewed
CVE-2024-13939 was published Mar 28, 2025
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/... Moderate Unreviewed
CVE-2025-30344 was published Mar 21, 2025
An unauthenticated remote attacker can gain access to sensitive information including... High Unreviewed
CVE-2025-1468 was published Mar 18, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain... Low Unreviewed
CVE-2024-41760 was published Mar 11, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27667 was published Mar 5, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... High Unreviewed
CVE-2024-41335 was published Feb 27, 2025
The login functionality of the web server in affected devices does not normalize the response... Moderate Unreviewed
CVE-2023-37482 was published Feb 11, 2025
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition... Moderate Unreviewed
CVE-2024-45089 was published Jan 31, 2025
A specific authentication strategy allows to learn ids of PAM users associated with certain... Moderate Unreviewed
CVE-2025-24506 was published Jan 30, 2025
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an... Moderate Unreviewed
CVE-2023-37413 was published Jan 29, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Critical Unreviewed
CVE-2025-24146 was published Jan 28, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2023-47159 was published Jan 27, 2025
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-35114 was published Jan 25, 2025
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to... High Unreviewed
CVE-2024-49734 was published Jan 22, 2025
In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error... Moderate Unreviewed
CVE-2024-43763 was published Jan 22, 2025
In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an... Moderate Unreviewed
CVE-2024-49733 was published Jan 22, 2025
In multiple locations, there is a possible way to obtain any system permission due to a logic... High Unreviewed
CVE-2024-43095 was published Jan 22, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... High Unreviewed
CVE-2025-21510 was published Jan 21, 2025
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
Windows Cryptographic Information Disclosure Vulnerability Moderate Unreviewed
CVE-2025-21336 was published Jan 14, 2025
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through... Moderate Unreviewed
CVE-2024-36510 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database