Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,542 advisories

Loading
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization Low
CVE-2025-6279 was published for upsonic (pip) Jun 19, 2025
PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion Low
CVE-2025-48059 was published for com.powsybl:powsybl-contingency-api (Maven) Jun 19, 2025
arthurscchan AdamKorcz
rolnico olperr1
PowSyBl Core XML Reader allows XXE and SSRF Low
CVE-2025-47293 was published for com.powsybl:powsybl-commons (Maven) Jun 19, 2025
AdamKorcz arthurscchan
rolnico olperr1
Apache SeaTunnel: Unauthenticated insecure access Low
CVE-2025-32896 was published for org.apache.seatunnel:seatunnel-engine-common (Maven) Jun 19, 2025
Grafana long dashboard title or panel name causes unresponsives Low
CVE-2025-1088 was published for github.com/grafana/grafana (Go) Jun 18, 2025
Withdrawn Advisory: microlight allows a denial of service Low
CVE-2025-45526 was published for microlight (npm) Jun 17, 2025 withdrawn
Qix-
Withdrawn Advisory: microlight.js has a null pointer dereference vulnerability Low
CVE-2025-45525 was published for microlight (npm) Jun 17, 2025 withdrawn
ash_authentication_phoenix has Insufficient Session Expiration Low
CVE-2025-4754 was published for ash_authentication_phoenix (Erlang) Jun 17, 2025
jimsynz zachdaniel
mbuhot maennchen
Weblate exposes personal IP address via e-mail Low
CVE-2025-49134 was published for weblate (pip) Jun 16, 2025
amCap1712 nijel
handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution Low
CVE-2025-49597 was published for handcraftedinthealps/goodby-csv (Composer) Jun 13, 2025
mcdruid
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
vantage6 lacks brute-force protection on change password functionality Low
CVE-2025-43863 was published for vantage6 (pip) Jun 12, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
pm2 Regular Expression Denial of Service vulnerability Low
CVE-2025-5891 was published for pm2 (npm) Jun 9, 2025
mhassan1
brace-expansion Regular Expression Denial of Service vulnerability Low
CVE-2025-5889 was published for brace-expansion (npm) Jun 9, 2025
turi4200 carboneater
viceice
SpiceDB checks involving relations with caveats can result in no permission when permission is expected Low
CVE-2025-49011 was published for github.com/authzed/spicedb (Go) Jun 6, 2025
miparnisari
anon-vec lacks sufficient checks in public API Low
GHSA-pr59-jjr4-gcf6 was published for anon-vec (Rust) Jun 5, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Apache Tomcat - CGI security constraint bypass Low
CVE-2025-46701 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 29, 2025
Gradio CORS Origin Validation Bypass Vulnerability Low
CVE-2025-5320 was published for gradio (pip) May 29, 2025
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution Low
CVE-2025-5321 was published for aim (pip) May 29, 2025
Information exposure in Next.js dev server due to lack of origin verification Low
CVE-2025-48068 was published for next (npm) May 28, 2025
sapphi-red R4356th
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb dr75
DarkLight1337
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database