Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,495 advisories

Loading
copyparty renders unsanitized filenames as HTML when user uploads empty files Low
CVE-2025-27145 was published for copyparty (pip) Feb 26, 2025
JayPatel48
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP... Low Unreviewed
CVE-2025-0760 was published Feb 26, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a... Low Unreviewed
CVE-2024-53870 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a... Low Unreviewed
CVE-2024-53876 was published Feb 25, 2025
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where... Low Unreviewed
CVE-2024-53879 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a... Low Unreviewed
CVE-2024-53877 was published Feb 25, 2025
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where... Low Unreviewed
CVE-2024-53878 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the nvdisasm binary, where a... Low Unreviewed
CVE-2024-53871 was published Feb 25, 2025
NVIDIA CUDA toolkit for Windows contains a vulnerability in the cuobjdump binary, where a user... Low Unreviewed
CVE-2024-53873 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a... Low Unreviewed
CVE-2024-53874 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a... Low Unreviewed
CVE-2024-53875 was published Feb 25, 2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a... Low Unreviewed
CVE-2024-53872 was published Feb 25, 2025
Matrix IRC Bridge allows IRC command injection to own puppeted user Low
CVE-2025-27146 was published for matrix-appservice-irc (npm) Feb 25, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows... Low Unreviewed
CVE-2025-26977 was published Feb 25, 2025
The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains... Low Unreviewed
CVE-2024-51539 was published Feb 25, 2025
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and... Low Unreviewed
CVE-2024-10545 was published Feb 25, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries Low
CVE-2025-26532 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has an IDOR in badges allows disabling of arbitrary badges Low
CVE-2025-26531 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS in ddimageortext question type Low
CVE-2025-26528 was published for moodle/moodle (Composer) Feb 24, 2025
Mattermost fails to invalidate all active sessions when converting a user to a bot Low
CVE-2025-1412 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
tarteaucitron Cross-site Scripting (XSS) Low
CVE-2025-1467 was published for tarteaucitronjs (npm) Feb 23, 2025
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for... Low Unreviewed
CVE-2024-45674 was published Feb 22, 2025
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Vyper has a double eval in For List Iter Low
CVE-2025-27104 was published for vyper (pip) Feb 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database