GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,811
Erlang
36
GitHub Actions
32
Go
2,396
Maven
5,000+
npm
4,033
NuGet
721
pip
3,824
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+
23,264 advisories
Filter by severity
Opencast still publishes global system account credentials
Moderate
CVE-2025-54380
was published
for
org.opencastproject:opencast-common
(Maven)
Jul 25, 2025
HAX CMS API Lacks Authorization Checks
High
CVE-2025-54378
was published
for
@haxtheweb/haxcms-nodejs
(Composer)
Jul 25, 2025
tj-actions/branch-names has a Command Injection Vulnerability
Critical
GHSA-gq52-6phf-x2r6
was published
for
tj-actions/branch-names
(GitHub Actions)
Jul 25, 2025
Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time
High
CVE-2025-54413
was published
for
skops
(pip)
Jul 25, 2025
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
High
CVE-2025-54412
was published
for
skops
(pip)
Jul 25, 2025
JHipster allows privilege escalation via a modified authorities parameter
High
CVE-2025-43712
was published
for
generator-jhipster
(npm)
Jul 25, 2025
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
Critical
GHSA-75jv-vfxf-3865
was published
for
assemblyline-service-client
(pip)
Jul 25, 2025
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API
High
CVE-2025-54385
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 25, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
Calibre Web and Autocaliweb have OS Command Injection vulnerability
Moderate
CVE-2025-7404
was published
for
calibreweb
(pip)
Jul 24, 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
Critical
CVE-2025-32429
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Jul 24, 2025
eKuiper API endpoints handling SQL queries with user-controlled table names.
High
CVE-2025-54379
was published
for
github.com/lf-edge/ekuiper/v2
(Go)
Jul 24, 2025
ImageMagick has XMP profile write that triggers hang due to unbounded loop
High
CVE-2025-53015
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jul 23, 2025
Mezzanine CMS vulnerable to Cross-site Scripting
Moderate
CVE-2025-50481
was published
for
Mezzanine
(pip)
Jul 23, 2025
Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data
High
CVE-2025-54371
was published
for
axios
(npm)
Jul 23, 2025
•
withdrawn
Possible ORM Leak Vulnerability in the Harbor
Moderate
CVE-2025-30086
was published
for
github.com/goharbor/harbor
(Go)
Jul 23, 2025
FastAPI Guard has a regex bypass
High
CVE-2025-54365
was published
for
fastapi-guard
(pip)
Jul 23, 2025
Harbor repository description page has Cross-site Scripting vulnerability
Moderate
CVE-2025-32019
was published
for
github.com/goharbor/harbor
(Go)
Jul 23, 2025
files-bucket-server vulnerable to Directory Traversal
High
CVE-2025-8021
was published
for
files-bucket-server
(npm)
Jul 23, 2025
private-ip vulnerable to Server-Side Request Forgery
High
CVE-2025-8020
was published
for
private-ip
(npm)
Jul 23, 2025
Ollama vulnerable to Cross-Domain Token Exposure
Moderate
CVE-2025-51471
was published
for
github.com/ollama/ollama
(Go)
Jul 22, 2025
Dagster Local File Inclusion vulnerability
Moderate
CVE-2025-51481
was published
for
dagster
(pip)
Jul 22, 2025
Aim vulnerable to Cross-site Scripting
Moderate
CVE-2025-51464
was published
for
aim
(pip)
Jul 22, 2025
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
High
CVE-2025-53942
was published
for
goauthentik.io
(Go)
Jul 22, 2025
ProTip!
Advisories are also available from the
GraphQL API