GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
124,303 advisories
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows...
Moderate | Unreviewed | CVE-2025-1726 was published Feb 26, 2025

Mautic allows Relative Path Traversal in assets file upload
Moderate | CVE-2022-25773 was published for mautic/core (Composer) Feb 26, 2025

MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store...
Moderate | Unreviewed | CVE-2025-0941 was published Feb 26, 2025

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute...
Moderate | Unreviewed | CVE-2025-20117 was published Feb 26, 2025

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow...
Moderate | Unreviewed | CVE-2025-20118 was published Feb 26, 2025

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to...
Moderate | Unreviewed | CVE-2025-20116 was published Feb 26, 2025

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated...
Moderate | Unreviewed | CVE-2025-20119 was published Feb 26, 2025

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco...
Moderate | Unreviewed | CVE-2025-20161 was published Feb 26, 2025

The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some...
Moderate | Unreviewed | CVE-2024-13113 was published Feb 26, 2025

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the...
Moderate | Unreviewed | CVE-2025-25800 was published Feb 26, 2025

A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers...
Moderate | Unreviewed | CVE-2024-46226 was published Feb 26, 2025

A Broken Authorization schema exists where any authenticated user could download IOA script and...
Moderate | Unreviewed | CVE-2025-1091 was published Feb 26, 2025

HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation...
Moderate | Unreviewed | CVE-2024-30150 was published Feb 26, 2025

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a...
Moderate | Unreviewed | CVE-2024-27246 was published Feb 25, 2025

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a...
Moderate | Unreviewed | CVE-2024-27245 was published Feb 25, 2025

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct...
Moderate | Unreviewed | CVE-2024-45426 was published Feb 25, 2025

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a...
Moderate | Unreviewed | CVE-2024-27239 was published Feb 25, 2025

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a...
Moderate | Unreviewed | CVE-2024-45424 was published Feb 25, 2025

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an...
Moderate | Unreviewed | CVE-2024-45425 was published Feb 25, 2025

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an...
Moderate | Unreviewed | CVE-2024-45418 was published Feb 25, 2025

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6...
Moderate | Unreviewed | CVE-2024-45417 was published Feb 25, 2025

Navidrome allows an authentication bypass in Subsonic API with non-existent username
Moderate | CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate | Unreviewed | CVE-2025-26952 was published Feb 25, 2025

Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request...
Moderate | Unreviewed | CVE-2025-26963 was published Feb 25, 2025

Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting...
Moderate | Unreviewed | CVE-2025-27000 was published Feb 25, 2025
ProTip! Advisories are also available from the GraphQL API.