Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

98 advisories

Loading
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Moderate Unreviewed
CVE-2025-43259 was published Jul 30, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and... High Unreviewed
CVE-2025-43227 was published Jul 30, 2025
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18... Moderate Unreviewed
CVE-2025-43217 was published Jul 30, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and... Moderate Unreviewed
CVE-2025-31276 was published Jul 30, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2... Moderate Unreviewed
CVE-2025-6017 was published Jul 2, 2025
Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack... High Unreviewed
CVE-2025-49715 was published Jun 20, 2025
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
Exposure of private personal information to an unauthorized actor in the user vaults component of... High Unreviewed
CVE-2025-5334 was published May 29, 2025
Sensitive device logger information in ASPECT may be exposed if administrator credentials become... Moderate Unreviewed
CVE-2024-13953 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17... Moderate Unreviewed
CVE-2025-0679 was published May 22, 2025
Insufficient default configuration in HCL Leap allows anonymous access to directory information. Moderate Unreviewed
CVE-2023-45721 was published May 1, 2025
Insufficient default configuration in HCL Leap allows anonymous access to directory information. Moderate Unreviewed
CVE-2023-45720 was published Apr 24, 2025
Zabbix API user.get returns all users that share common group with the calling user. This... Low Unreviewed
CVE-2024-42325 was published Apr 2, 2025
By first using the AI chatbot in one tab and later activating it in another tab, the document... Moderate Unreviewed
CVE-2025-3035 was published Apr 1, 2025
An information disclosure vulnerability exists in the latest version of transformeroptimus... High Unreviewed
CVE-2024-10267 was published Mar 20, 2025
A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic... Moderate Unreviewed
CVE-2025-26816 was published Mar 19, 2025
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote... Moderate Unreviewed
CVE-2025-27080 was published Mar 18, 2025
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with... Moderate Unreviewed
CVE-2025-25042 was published Mar 18, 2025
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2024-13228 was published Mar 11, 2025
Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an... High Unreviewed
CVE-2024-11216 was published Mar 5, 2025
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition... Low Unreviewed
CVE-2025-1939 was published Mar 4, 2025
An attacker could expose cross-user personal identifiable information (PII) and personal health... High Unreviewed
CVE-2025-20060 was published Feb 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database