GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,331
Erlang: 31
GitHub Actions: 21
Go: 2,093
Maven: 5,000+
npm: 3,756
NuGet: 678
pip: 3,443
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
122,161 advisories
The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
  Moderate | Unreviewed | CVE-2024-12477 was published Jan 23, 2025
By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals...
  Moderate | Unreviewed | CVE-2024-9310 was published Jan 22, 2025
Cross site scripting in Silverpeas Core
  Moderate | CVE-2024-56923 was published for org.silverpeas.core:silverpeas-core (Maven) Jan 22, 2025
Disabled permissions can be granted by Folder-based in Jenkins Authorization Strategy Plugin
  Moderate | CVE-2025-24401 was published for io.jenkins.plugins:folder-auth (Maven) Jan 22, 2025
CSRF vulnerability in Jenkins Azure Service Fabric Plugin
  Moderate | CVE-2025-24402 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Missing permission checks in Jenkins Azure Service Fabric Plugin
  Moderate | CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File...
  Moderate | Unreviewed | CVE-2025-0651 was published Jan 22, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
  Moderate | CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Cache confusion in Jenkins Eiffel Broadcaster Plugin
  Moderate | CVE-2025-24400 was published for com.axis.jenkins.plugins.eiffel:eiffel-broadcaster (Maven) Jan 22, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
  Moderate | Unreviewed | CVE-2025-23992 was published Jan 22, 2025
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19...
  Moderate | Unreviewed | CVE-2024-51457 was published Jan 22, 2025
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could...
  Moderate | Unreviewed | CVE-2025-20128 was published Jan 22, 2025
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
  Moderate | CVE-2025-24027 was published for prestashop/ps_contactinfo (Composer) Jan 22, 2025
Cilium has an information leakage via insecure default Hubble UI CORS header
  Moderate | CVE-2025-23047 was published for github.com/cilium/cilium (Go) Jan 22, 2025
DoS in Cilium agent DNS proxy from crafted DNS responses
  Moderate | CVE-2025-23028 was published for github.com/cilium/cilium (Go) Jan 22, 2025
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly...
  Moderate | Unreviewed | CVE-2025-23684 was published Jan 22, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
  Moderate | Unreviewed | CVE-2025-23562 was published Jan 22, 2025
Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly...
  Moderate | Unreviewed | CVE-2025-23486 was published Jan 22, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
  Moderate | CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a...
  Moderate | Unreviewed | CVE-2024-13447 was published Jan 22, 2025
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before...
  Moderate | Unreviewed | CVE-2022-23439 was published Jan 22, 2025
The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site...
  Moderate | Unreviewed | CVE-2024-13406 was published Jan 22, 2025
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a...
  Moderate | Unreviewed | CVE-2024-13361 was published Jan 22, 2025
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to...
  Moderate | Unreviewed | CVE-2024-13319 was published Jan 22, 2025
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery...
  Moderate | Unreviewed | CVE-2024-13360 was published Jan 22, 2025
ProTip! Advisories are also available from the GraphQL API.