GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,344
Erlang: 31
GitHub Actions: 22
Go: 2,112
Maven: 5,000+
npm: 3,767
NuGet: 680
pip: 3,453
Pub: 12
RubyGems: 892
Rust: 888
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
123,144 advisories
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
Moderate | Unreviewed | CVE-2024-38411 was published Feb 3, 2025

Information disclosure while processing information on firmware image during core initialization.
Moderate | Unreviewed | CVE-2024-38414 was published Feb 3, 2025

Memory corruption while processing frame packets.
Moderate | Unreviewed | CVE-2024-38413 was published Feb 3, 2025

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session...
Moderate | Unreviewed | CVE-2024-38412 was published Feb 3, 2025

Information disclosure while processing IO control commands.
Moderate | Unreviewed | CVE-2024-38417 was published Feb 3, 2025

Information disclosure during audio playback.
Moderate | Unreviewed | CVE-2024-38416 was published Feb 3, 2025

rust-openssl ssl::select_next_proto use after free
Moderate | CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025

S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends
Moderate | CVE-2025-24961 was published for org.gaul:s3proxy (Maven) Feb 3, 2025

TShock allows chat while not fully connected, possible ban evasion
Moderate | GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025

CometBFT allows a malicious peer to make node stuck in blocksync
Moderate | CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025

PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters
Moderate | CVE-2025-23210 was published for phpoffice/phpspreadsheet (Composer) Feb 3, 2025

Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery...
Moderate | Unreviewed | CVE-2025-24697 was published Feb 3, 2025

Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting...
Moderate | Unreviewed | CVE-2025-24642 was published Feb 3, 2025

Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2025-24643 was published Feb 3, 2025

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Moderate | Unreviewed | CVE-2025-24605 was published Feb 3, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce...
Moderate | Unreviewed | CVE-2025-24639 was published Feb 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-23581 was published Feb 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-23561 was published Feb 3, 2025

Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not...
Moderate | Unreviewed | CVE-2025-23527 was published Feb 3, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows...
Moderate | Unreviewed | CVE-2025-22704 was published Feb 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-23747 was published Feb 3, 2025

Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme...
Moderate | Unreviewed | CVE-2024-50500 was published Feb 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-22292 was published Feb 3, 2025

Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly...
Moderate | Unreviewed | CVE-2025-22677 was published Feb 3, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-22683 was published Feb 3, 2025

ProTip! Advisories are also available from the GraphQL API