Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,407 advisories

Loading
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
PyTorch susceptible to local Denial of Service Low
CVE-2025-2953 was published for torch (pip) Mar 30, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
Traefik allows path traversal using url encoding Low
CVE-2025-47952 was published for github.com/traefik/traefik (Go) May 28, 2025
antonjanrutten
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
decsecre583
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
decsecre583
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Jenkins BigPanda Notifier Plugin Missing Password Field Masking Low
CVE-2022-41248 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
auth-js Vulnerable to Insecure Path Routing from Malformed User Input Low
CVE-2025-48370 was published for @supabase/auth-js (npm) May 27, 2025
kos0ng
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
asta12 mattiasgrenfeldt
decsecre583
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k yusuke-koyoshi
SCSIR has a Potential Unsound Issue in WriteSameCommand Low
CVE-2025-48756 was published for scsir (Rust) May 24, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius diego-santacruz
memory_pages division by zero Low
CVE-2025-48754 was published for memory_pages (Rust) May 24, 2025
Process Sync has a Potential Unsound Issue in SharedMutex Low
CVE-2025-48752 was published for process-sync (Rust) May 24, 2025
process_lock has a Potential Unsound issue in unlock Low
CVE-2025-48751 was published for process_lock (Rust) May 24, 2025
October CMS Allows Unprotected SVG Rename in Media Manager Low
CVE-2024-51991 was published for october/october (Composer) May 5, 2025
Cyber-Wo0dy
Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability Low
CVE-2025-26646 was published for Microsoft.Build.Tasks.Core (NuGet) May 13, 2025
udlose
DNN site Import could use an external source with a crafted request Low
CVE-2025-48376 was published for DotNetNuke.SiteExportImport (NuGet) May 23, 2025
valadas donker
bdukes
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
AnonySE26
Ackites KillWxapkg Zip Bomb Resource Exhaustion Low
CVE-2025-5031 was published for github.com/Ackites/KillWxapkg (Go) May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database