Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

240,411 advisories

Loading
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request... Low Unreviewed
CVE-2024-13261 was published Jan 9, 2025
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')... Moderate Unreviewed
CVE-2024-13263 was published Jan 9, 2025
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This... Moderate Unreviewed
CVE-2024-12789 was published Dec 19, 2024
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows... Moderate Unreviewed
CVE-2024-13249 was published Jan 9, 2025
Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence... Moderate Unreviewed
CVE-2024-13248 was published Jan 9, 2025
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the... Low Unreviewed
CVE-2025-23113 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2025-23112 was published Jan 11, 2025
The administrator is able to configure an insecure captive portal script High Unreviewed
CVE-2024-9132 was published Jan 11, 2025
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced... High Unreviewed
CVE-2024-9134 was published Jan 11, 2025
Backup uploads to ETM subject to man-in-the-middle interception High Unreviewed
CVE-2024-47519 was published Jan 11, 2025
A user with advanced report application access rights can perform actions for which they are not... High Unreviewed
CVE-2024-47520 was published Jan 11, 2025
Specially constructed queries targeting ETM could discover active remote access sessions Moderate Unreviewed
CVE-2024-47518 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in... Moderate Unreviewed
CVE-2025-23110 was published Jan 11, 2025
An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name,... Moderate Unreviewed
CVE-2025-23111 was published Jan 11, 2025
Specially constructed queries cause cross platform scripting leaking administrator tokens High Unreviewed
CVE-2024-9188 was published Jan 11, 2025
A user with administrator privileges is able to retrieve authentication tokens Moderate Unreviewed
CVE-2024-9133 was published Jan 11, 2025
A user with administrator privileges can perform command injection High Unreviewed
CVE-2024-9131 was published Jan 11, 2025
Expired and unusable administrator authentication tokens can be revealed by units that have timed... Moderate Unreviewed
CVE-2024-47517 was published Jan 11, 2025
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support... Moderate Unreviewed
CVE-2024-7142 was published Jan 11, 2025
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-2799 was published Apr 23, 2024
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce... Moderate Unreviewed
CVE-2024-3733 was published Apr 25, 2024
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3889 was published Apr 23, 2024
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-3645 was published Apr 22, 2024
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-2798 was published Apr 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database