GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
183 advisories
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra...
Moderate | Unreviewed | CVE-2025-63071 was published Dec 9, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller...
Unknown | Unreviewed | CVE-2025-62109 was published Dec 9, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co...
Moderate | Unreviewed | CVE-2025-62994 was published Dec 9, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP...
Moderate | Unreviewed | CVE-2025-62997 was published Dec 9, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime...
Moderate | Unreviewed | CVE-2025-63007 was published Dec 9, 2025

yawkat LZ4 Java has a possible information leak in Java safe decompressor
High | CVE-2025-66566 was published for at.yawk.lz4:lz4-java (Maven) Dec 5, 2025

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but...
High | Unreviewed | CVE-2025-58098 was published Dec 5, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER...
High | Unreviewed | CVE-2025-13295 was published Dec 2, 2025

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could...
Moderate | Unreviewed | CVE-2025-20789 was published Dec 2, 2025

Grav Exposes Password Hashes Leading to privilege escalation
Moderate | CVE-2025-66304 was published for getgrav/grav (Composer) Dec 2, 2025

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High | CVE-2025-66035 was published for @angular/common (npm) Nov 26, 2025

Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`
Moderate | CVE-2025-65944 was published for @sentry/astro (npm) Nov 24, 2025

LogStare Collector improperly handles the password hash data. An administrative user may obtain...
Moderate | Unreviewed | CVE-2025-64299 was published Nov 21, 2025

HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could...
Low | Unreviewed | CVE-2025-52639 was published Nov 18, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6,...
Moderate | Unreviewed | CVE-2025-2615 was published Nov 15, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18...
Moderate | Unreviewed | CVE-2025-7000 was published Nov 15, 2025

Directus's conceal fields are searchable if read permissions enabled
Moderate | CVE-2025-64748 was published for @directus/api (npm) Nov 13, 2025

Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Moderate | CVE-2025-64502 was published for parse-server (npm) Nov 13, 2025

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache...
Moderate | Unreviewed | CVE-2025-64407 was published Nov 12, 2025

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker...
Moderate | Unreviewed | CVE-2025-59509 was published Nov 11, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub...
Moderate | Unreviewed | CVE-2025-62038 was published Nov 6, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with...
High | Unreviewed | CVE-2025-62039 was published Nov 6, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim...
High | Unreviewed | CVE-2025-60188 was published Nov 6, 2025

MantisBT lacks verification when changing a user's email address
Moderate | CVE-2025-55155 was published for mantisbt/mantisbt (Composer) Nov 3, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO...
Moderate | Unreviewed | CVE-2025-64351 was published Oct 31, 2025