Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,747
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,749 advisories

Loading
Yii 2 Redis may expose AUTH paramters in logs in case of connection failure Moderate
CVE-2025-48493 was published for yiisoft/yii2-redis (Composer) Jun 5, 2025
Ciphertext Malleability Issue in Tink Java Moderate
CVE-2020-8929 was published for com.google.crypto.tink:tink (Maven) Oct 16, 2020
reteptilian
WSO2 products vulnerable to Cross-site Scripting Moderate
CVE-2024-8008 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui (Maven) Jun 2, 2025
Grafana's datasource proxy API allows authorization checks to be bypassed Moderate
CVE-2025-3454 was published for github.com/grafana/grafana (Go) Jun 2, 2025
ReDoS Vulnerability in Rack::Multipart handle_mime_head Moderate
CVE-2025-49007 was published for rack (RubyGems) Jun 5, 2025
kro Confused Deputy vulnerability Moderate
CVE-2025-48710 was published for github.com/kro-run/kro (Go) Jun 4, 2025
Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language Moderate
CVE-2025-35036 was published for org.hibernate.validator:hibernate-validator (Maven) Jun 3, 2025
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
cristianstaicu vdata1
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
users may append `root` to group listings Moderate
GHSA-m65q-v92h-cm7q was published for users (Rust) Jun 5, 2025
Multer vulnerable to Denial of Service via unhandled exception High
CVE-2025-48997 was published for multer (npm) Jun 5, 2025
bjohansebas ctcpip
Markiz9999 UlisesGascon wesleytodd LinusU
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint Moderate
CVE-2025-48996 was published for @haxtheweb/open-apis (npm) Jun 5, 2025
23younesm
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions High
CVE-2025-3260 was published for github.com/grafana/grafana (Go) Jun 2, 2025
anon-vec lacks sufficient checks in public API Low
GHSA-pr59-jjr4-gcf6 was published for anon-vec (Rust) Jun 5, 2025
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack Moderate
CVE-2025-48994 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
SignXML's signature verification with HMAC is vulnerable to a timing attack Moderate
CVE-2025-48995 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
Gradio CORS Origin Validation Bypass Vulnerability Low
CVE-2025-5320 was published for gradio (pip) May 29, 2025
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file High
CVE-2025-48957 was published for astrbot (pip) Jun 4, 2025
Soulter Raven95676
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads Moderate
CVE-2025-48953 was published for Umbraco.Cms (NuGet) Jun 4, 2025
00mpal00mpa
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services Moderate
CVE-2024-7096 was published for org.wso2.am:am-parent (Maven) May 30, 2025
MantisBT XSS via my_view_page.php and view_user_page.php Moderate
CVE-2017-7897 was published for mantisbt/mantisbt (Composer) May 17, 2022
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies High
CVE-2025-48947 was published for @auth0/nextjs-auth0 (npm) Jun 4, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
littledivy 0f-0b
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database