Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

242,351 advisories

Loading
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k ... High Unreviewed
CVE-2024-9494 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows ... High Unreviewed
CVE-2024-9495 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility... High Unreviewed
CVE-2024-9492 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit ... High Unreviewed
CVE-2024-9496 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK ... High Unreviewed
CVE-2024-9498 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick ... High Unreviewed
CVE-2024-9493 was published Jan 24, 2025
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up... Moderate Unreviewed
CVE-2025-0697 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE... High Unreviewed
CVE-2024-9499 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK ... High Unreviewed
CVE-2024-9497 was published Jan 24, 2025
An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based... Moderate Unreviewed
CVE-2024-57184 was published Jan 24, 2025
IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to... High Unreviewed
CVE-2024-41739 was published Jan 24, 2025
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information... Moderate Unreviewed
CVE-2024-10324 was published Jan 24, 2025
The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side... Moderate Unreviewed
CVE-2024-11913 was published Jan 24, 2025
GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains a buffer overflow in gf_vvc_read_pps_bs_internal... High Unreviewed
CVE-2022-47090 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2... High Unreviewed
CVE-2024-9491 was published Jan 24, 2025
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE... High Unreviewed
CVE-2024-9490 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23889 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23888 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23621 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23711 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23837 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23734 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23737 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23885 was published Jan 24, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2025-23622 was published Jan 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database