GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,303
Erlang: 31
GitHub Actions: 21
Go: 2,072
Maven: 5,000+
npm: 3,744
NuGet: 669
pip: 3,430
Pub: 12
RubyGems: 892
Rust: 880
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
240,589 advisories
BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the...
Severity: Unknown | Unreviewed | CVE-2024-44771 was published Jan 13, 2025
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with...
Severity: High | Unreviewed | CVE-2024-46480 was published Jan 13, 2025
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to...
Severity: High | Unreviewed | CVE-2024-46481 was published Jan 13, 2025
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to...
Severity: Unknown | Unreviewed | CVE-2024-46310 was published Jan 13, 2025
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080,...
Severity: Unknown | Unreviewed | CVE-2024-46921 was published Jan 13, 2025
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort'...
Severity: Critical | Unreviewed | CVE-2024-5743 was published Jan 13, 2025
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload...
Severity: Critical | Unreviewed | CVE-2024-46479 was published Jan 13, 2025
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
Severity: High | Unreviewed | CVE-2025-22963 was published Jan 13, 2025
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile.
Severity: Moderate | Unreviewed | CVE-2024-12211 was published Jan 13, 2025
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead...
Severity: Moderate | Unreviewed | CVE-2024-6352 was published Jan 13, 2025
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100,...
Severity: Moderate | Unreviewed | CVE-2024-46919 was published Jan 13, 2025
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name...
Severity: Moderate | Unreviewed | CVE-2024-54999 was published Jan 13, 2025
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the...
Severity: Moderate | Unreviewed | CVE-2024-57488 was published Jan 13, 2025
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100,...
Severity: Moderate | Unreviewed | CVE-2024-46920 was published Jan 13, 2025
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820,...
Severity: Moderate | Unreviewed | CVE-2024-48883 was published Jan 13, 2025
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file...
Severity: Moderate | Unreviewed | CVE-2024-57487 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22499 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22514 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22567 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22506 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22569 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22568 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22570 was published Jan 13, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Severity: High | Unreviewed | CVE-2025-22576 was published Jan 13, 2025
Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly...
Severity: Moderate | Unreviewed | CVE-2025-22800 was published Jan 13, 2025
ProTip! Advisories are also available from the GraphQL API.