Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

8,012 advisories

Loading
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32031 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32030 was published for @apollo/gateway (npm) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
CVE-2025-32380 was published for apollo-router (Rust) Apr 7, 2025
yo-artyom
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate High
CVE-2025-46417 was published for picklescan (pip) Apr 7, 2025
david3107
js-object-utilities Vulnerable to Prototype Pollution High
CVE-2025-28269 was published for js-object-utilities (npm) Apr 7, 2025
tariqhawis
Apache Airflow Common SQL Provider Vulnerable to SQL Injection High
CVE-2025-30473 was published for apache-airflow-providers-common-sql (pip) Apr 7, 2025
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson
harshavardhana
The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server High
CVE-2025-31487 was published for org.xwiki.contrib.jira:jira-macro-default (Maven) Apr 4, 2025
GraphQL grant on a property might be cached with different objects High
CVE-2025-31485 was published for api-platform/core (Composer) Apr 4, 2025
ausi alanpoulain
soyuka Fafabian
GraphQL query operations security can be bypassed High
CVE-2025-31481 was published for api-platform/core (Composer) Apr 4, 2025
soyuka ausi
alanpoulain
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework High
CVE-2025-31119 was published for generator-jhipster-entity-audit (npm) Apr 4, 2025
OmarHawk
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" High
CVE-2025-30370 was published for jupyterlab-git (pip) Apr 4, 2025
dlqqq rpwagner
krassowski
bigint-buffer Vulnerable to Buffer Overflow via toBigIntLE() Function High
CVE-2025-3194 was published for bigint-buffer (npm) Apr 4, 2025
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function High
CVE-2025-3192 was published for spatie/browsershot (Composer) Apr 4, 2025
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output High
CVE-2025-31479 was published for canonical/get-workflow-version-action (GitHub Actions) Apr 2, 2025
dannystaple
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component High
CVE-2025-29085 was published for com.vip.saturn:saturn-console (Maven) Apr 2, 2025
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics High
CVE-2023-27591 was published for miniflux.app (Go) Apr 2, 2025
40826d fguillot
Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution High
CVE-2025-31722 was published for org.jenkins-ci.plugins:templating-engine (Maven) Apr 2, 2025
image-size Denial of Service via Infinite Loop during Image Processing High
GHSA-m5qc-5hw7-8vg7 was published for image-size (npm) Apr 2, 2025
dellalibera TheFrankemon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database