Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

22,713 advisories

Loading
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
Navidrome allows SQL Injection via role parameter High
CVE-2025-48949 was published for github.com/navidrome/navidrome (Go) May 29, 2025
4rdr
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
CVE-2025-48944 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
vLLM allows clients to crash the openai server with invalid regex Moderate
CVE-2025-48943 was published for vllm (pip) May 28, 2025
g-eoj russellb
Jason-CKY
vLLM DOS: Remotely kill vllm over http with invalid JSON schema Moderate
CVE-2025-48942 was published for vllm (pip) May 28, 2025
derekhiggins Jason-CKY
russellb
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` Moderate
CVE-2025-48887 was published for vllm (pip) May 28, 2025
kexinoh russellb
mgoin
Moodle stored Cross-site Scripting (XSS) Moderate
CVE-2024-33997 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Para Server Logs Sensitive Information Moderate
GHSA-v75g-77vf-6jjq was published for com.erudika:para-server (Maven) May 30, 2025
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly invalidate personal access tokens upon user deactivation Moderate
CVE-2025-3230 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to clear Google OAuth credentials Moderate
CVE-2025-2571 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
PyTorch Improper Resource Shutdown or Release vulnerability Moderate
CVE-2025-3730 was published for torch (pip) Apr 16, 2025
PyTorch susceptible to local Denial of Service Low
CVE-2025-2953 was published for torch (pip) Mar 30, 2025
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Unsafe yaml deserialization in llama-hub Critical
CVE-2024-23730 was published for llama-hub (pip) Jan 21, 2024
r3kumar
Exposure of sensitive information in ClickHouse High
CVE-2024-23689 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024
Session fixation in Enonic XP Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Jan 19, 2024
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
decsecre583
Duplicate Advisory: Bundled libwebp in Pillow vulnerable High
GHSA-56pw-mpj4-fxww was published for pillow (pip) Oct 5, 2023 withdrawn
dsten56
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server Moderate
CVE-2025-48938 was published for github.com/cli/go-gh/v2 (Go) May 30, 2025
andyfeller BagToad
babakks matt- shilpakum vcsjones
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database