Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

10,560 advisories

Loading
Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter Moderate
CVE-2025-45406 was published for codeigniter4/framework (Composer) Jul 25, 2025 withdrawn
michalsn
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code Moderate
CVE-2025-55013 was published for assemblyline-service-client (pip) Jul 25, 2025
serexp
Calibre Web and Autocaliweb have OS Command Injection vulnerability Moderate
CVE-2025-7404 was published for calibreweb (pip) Jul 24, 2025
gelbphoenix
Mezzanine CMS vulnerable to Cross-site Scripting Moderate
CVE-2025-50481 was published for Mezzanine (pip) Jul 23, 2025
Possible ORM Leak Vulnerability in the Harbor Moderate
CVE-2025-30086 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Harbor repository description page has Cross-site Scripting vulnerability Moderate
CVE-2025-32019 was published for github.com/goharbor/harbor (Go) Jul 23, 2025
Ollama vulnerable to Cross-Domain Token Exposure Moderate
CVE-2025-51471 was published for github.com/ollama/ollama (Go) Jul 22, 2025
Dagster Local File Inclusion vulnerability Moderate
CVE-2025-51481 was published for dagster (pip) Jul 22, 2025
Aim vulnerable to Cross-site Scripting Moderate
CVE-2025-51464 was published for aim (pip) Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
HAX CMS application pages vulnerable to clickjacking Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
lfgberg odransfield
Starlette has possible denial-of-service vector when parsing large files in multipart forms Moderate
CVE-2025-54121 was published for starlette (pip) Jul 21, 2025
HonakerM defnull
wai25
Jakarta Mail vulnerable to SMTP Injection Moderate
CVE-2025-7962 was published for org.eclipse.angus:smtp (Maven) Jul 21, 2025
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Moderate
CVE-2025-49656 was published for org.apache.jena:jena-fuseki (Maven) Jul 21, 2025
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai stevebeattie eslerm
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) Moderate
GHSA-83j7-mhw9-388w was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025 withdrawn
Filemanager is vulnerable to Relative Path Traversal through filemanager.php Moderate
CVE-2025-46002 was published for simogeo/filemanager (Composer) Jul 18, 2025
Mattermost Path Traversal vulnerability Moderate
CVE-2025-6233 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
Mattermost Missing Authentication for Critical Function Moderate
CVE-2025-6226 was published for github.com/mattermost/mattermost-server (Go) Jul 18, 2025
OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers Moderate
CVE-2025-54070 was published for @openzeppelin/contracts (npm) Jul 17, 2025
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Robin-Van-de-Merghel
Grafana's insecure DingDing Alert integration exposes sensitive information Moderate
CVE-2025-3415 was published for github.com/grafana/grafana (Go) Jul 17, 2025
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes Moderate
CVE-2025-53892 was published for @intlify/core (npm) Jul 16, 2025
luoingly
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts Moderate
CVE-2024-9342 was published for org.glassfish.main.admingui:console-common (Maven) Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database