Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,472
Erlang
33
GitHub Actions
24
Go
2,195
Maven
5,000+
npm
3,841
NuGet
696
pip
3,632
Pub
12
RubyGems
911
Rust
910
Swift
38
Unreviewed advisories
All unreviewed
5,000+

82 advisories

Loading
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins Moderate
CVE-2025-2598 was published for aws-cdk (npm) Mar 21, 2025
langchain-core allows unauthorized users to read arbitrary files from the host file system Moderate
CVE-2024-10940 was published for langchain-core (pip) Mar 20, 2025
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of... Moderate Unreviewed
CVE-2025-23382 was published Mar 19, 2025
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries High
CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with... High Unreviewed
CVE-2025-22222 was published Jan 30, 2025
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3... Low Unreviewed
CVE-2024-52905 was published Mar 10, 2025
Carbon Black Cloud Windows Sensor, prior to 4.0.3, may be susceptible to an Information Leak... Low Unreviewed
CVE-2024-11035 was published Mar 5, 2025
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo... Moderate Unreviewed
CVE-2025-26911 was published Feb 25, 2025
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Moderate Unreviewed
CVE-2025-26758 was published Feb 17, 2025
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to... Moderate Unreviewed
CVE-2025-1212 was published Feb 12, 2025
School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing... Critical Unreviewed
CVE-2025-1144 was published Feb 11, 2025
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope... High Unreviewed
CVE-2024-8550 was published Feb 10, 2025
Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever... Critical Unreviewed
CVE-2024-36554 was published Feb 6, 2025
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0)... Moderate Unreviewed
CVE-2024-37526 was published Jan 28, 2025
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain... Moderate Unreviewed
CVE-2024-37070 was published Nov 19, 2024
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version... Moderate Unreviewed
CVE-2024-40706 was published Jan 24, 2025
A valid set of credentials in a .js file and a static token for communication were obtained from... Moderate Unreviewed
CVE-2024-53683 was published Jan 17, 2025
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to... Moderate Unreviewed
CVE-2024-11029 was published Jan 15, 2025
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with... Moderate Unreviewed
CVE-2025-0056 was published Jan 14, 2025
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific... Moderate Unreviewed
CVE-2025-0055 was published Jan 14, 2025
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input... Moderate Unreviewed
CVE-2025-0059 was published Jan 14, 2025
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform... High Unreviewed
CVE-2025-0061 was published Jan 14, 2025
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in... Moderate Unreviewed
CVE-2024-45640 was published Jan 7, 2025
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system... Moderate Unreviewed
CVE-2024-52367 was published Jan 7, 2025
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured... Moderate Unreviewed
CVE-2024-12993 was published Dec 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database