Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

124,113 advisories

Loading
Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-95j3-435g-vjcp was published for leantime/leantime (Composer) Feb 21, 2025
brent-hopkins hugo-guzman
Exiv2 allows Use After Free Moderate
CVE-2025-26623 was published for Exiv2 (pip) Feb 21, 2025
Marsman1996
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
lakeFS allows an authenticated user to cause a crash by exhausting server memory Moderate
CVE-2025-27100 was published for github.com/treeverse/lakefs (Go) Feb 21, 2025
arielshaqed ItamarYuran
A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1.... Moderate Unreviewed
CVE-2025-1555 was published Feb 21, 2025
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the... Moderate Unreviewed
CVE-2025-25605 was published Feb 21, 2025
A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to... Moderate Unreviewed
CVE-2025-25772 was published Feb 21, 2025
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in... Moderate Unreviewed
CVE-2020-19248 was published Feb 21, 2025
Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable... Moderate Unreviewed
CVE-2025-25604 was published Feb 21, 2025
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. Moderate Unreviewed
CVE-2025-25510 was published Feb 21, 2025
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for... Moderate Unreviewed
CVE-2024-45673 was published Feb 21, 2025
A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210... Moderate Unreviewed
CVE-2025-1546 was published Feb 21, 2025
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic.... Moderate Unreviewed
CVE-2025-1548 was published Feb 21, 2025
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the... Moderate Unreviewed
CVE-2025-25507 was published Feb 21, 2025
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. Moderate Unreviewed
CVE-2025-25505 was published Feb 21, 2025
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1... Moderate Unreviewed
CVE-2025-1543 was published Feb 21, 2025
A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210.... Moderate Unreviewed
CVE-2025-1544 was published Feb 21, 2025
A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has... Moderate Unreviewed
CVE-2025-1536 was published Feb 21, 2025
The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File... Moderate Unreviewed
CVE-2024-10222 was published Feb 21, 2025
A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue... Moderate Unreviewed
CVE-2025-1537 was published Feb 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database