Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

434 advisories

Loading
Next.js Content Injection Vulnerability for Image Optimization Moderate
CVE-2025-55173 was published for next (npm) Aug 29, 2025
kristianmagas medikoo
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
github.com/google/nftable IP addresses were encoded in the wrong byte order Moderate
CVE-2024-6284 was published for github.com/google/nftables (Go) Jul 4, 2024
Element Plus Link component (el-link) implements insufficient input validation for the href attribute Moderate
CVE-2025-57665 was published for element-plus (npm) Sep 9, 2025
Vaadin Platform possible file bypass via upload validation on the server-side Moderate
GHSA-c7v7-rqfm-f44j was published for com.vaadin:vaadin (Maven) Sep 4, 2025
Vaadin Flow Components possible file bypass via upload validation on the server-side Moderate
GHSA-94g8-xv23-7656 was published for com.vaadin:vaadin-upload-flow (Maven) Sep 4, 2025
Vaadin Framework possible file bypass via upload validation on the server-side Moderate
CVE-2025-9467 was published for com.vaadin:vaadin-server (Maven) Sep 4, 2025
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao (Go) Jun 26, 2025
cipherboy
uv allows ZIP payload obfuscation through parsing differentials Moderate
CVE-2025-54368 was published for uv (pip) Aug 7, 2025
charliermarsh zanieb
woodruffw thatch calebbrown
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 mpihelgas
Apache CXF: Untrusted JMS configuration can lead to RCE Moderate
CVE-2025-48913 was published for org.apache.cxf:cxf-rt-transports-jms (Maven) Aug 8, 2025
Ollama allows deletion of arbitrary files Moderate
CVE-2025-44779 was published for github.com/ollama/ollama (Go) Aug 7, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string Moderate
CVE-2024-52279 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) Aug 3, 2025
Crash due to uncontrolled recursion in protobuf crate Moderate
CVE-2025-53605 was published for protobuf (Rust) Mar 7, 2025
morningstarxcdcode
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check Moderate
CVE-2025-53652 was published for org.jenkins-ci.tools:git-parameter (Maven) Jul 9, 2025
Denied Host Validation Bypass in Zitadel Actions Moderate
CVE-2024-49753 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
prdp1137 livio-a
fforootd
Improper Input Validation in Jakarta Expression Language Moderate
CVE-2021-28170 was published for com.sun.el:el-ri (Maven) Oct 6, 2021
levpachmanov
Keycloak vulnerable to Improper Certificate Validation Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page Moderate
CVE-2024-45478 was published for org.apache.ranger:ranger (Maven) Jan 22, 2025
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability Moderate
CVE-2025-5173 was published for label-studio-ml (pip) May 26, 2025
pypickle unsafe deserialization vulnerability Moderate
CVE-2025-5174 was published for pypickle (pip) May 26, 2025
Laravel Rest Api has a Search Validation Bypass Moderate
CVE-2025-48490 was published for lomkit/laravel-rest-api (Composer) May 27, 2025
edepauw
vLLM Tool Schema allows DoS via Malformed pattern and type Fields Moderate
CVE-2025-48944 was published for vllm (pip) May 28, 2025
russellb Jason-CKY
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database