Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

11,994 advisories

Loading
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even... Low Unreviewed
CVE-2025-48930 was published May 28, 2025
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up... Low Unreviewed
CVE-2025-48931 was published May 28, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
Traefik allows path traversal using url encoding Low
CVE-2025-47952 was published for github.com/traefik/traefik (Go) May 28, 2025
antonjanrutten
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0,... Low Unreviewed
CVE-2025-46777 was published May 28, 2025
A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7... Low Unreviewed
CVE-2025-47295 was published May 28, 2025
A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0... Low Unreviewed
CVE-2024-54020 was published May 28, 2025
A exposure of sensitive system information to an unauthorized control sphere in Fortinet... Low Unreviewed
CVE-2025-24473 was published May 28, 2025
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC... Low Unreviewed
CVE-2025-2826 was published May 28, 2025
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k yusuke-koyoshi
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in... Low Unreviewed
CVE-2025-2236 was published May 27, 2025
Gibbon before 29.0.00 allows CSRF. Low Unreviewed
CVE-2025-26211 was published May 27, 2025
A minor information leak when running Screen with setuid-root privileges allosw unprivileged... Low Unreviewed
CVE-2025-46804 was published May 26, 2025
process_lock has a Potential Unsound issue in unlock Low
CVE-2025-48751 was published for process_lock (Rust) May 24, 2025
Process Sync has a Potential Unsound Issue in SharedMutex Low
CVE-2025-48752 was published for process-sync (Rust) May 24, 2025
In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock. Low Unreviewed
CVE-2025-48753 was published May 24, 2025
memory_pages division by zero Low
CVE-2025-48754 was published for memory_pages (Rust) May 24, 2025
SCSIR has a Potential Unsound Issue in WriteSameCommand Low
CVE-2025-48756 was published for scsir (Rust) May 24, 2025
In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type). Low Unreviewed
CVE-2025-48755 was published May 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database