GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28,660 advisories

Mitmweb API Authentication Bypass Using Proxy Server High
CVE-2025-23217 was published for mitmproxy (pip) Feb 6, 2025
Credited to gronke and mhils
Apache James vulnerable to denial of service through JMAP HTML to text conversion High
CVE-2024-45626 was published for org.apache.james:james-server-jmap-draft (Maven) Feb 6, 2025
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
node-opcua-alarm-condition prototype pollution vulnerability High
CVE-2024-57086 was published for node-opcua-alarm-condition (npm) Feb 6, 2025
Credited to axi92
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
@stryker-mutator/util vulnerable to Prototype Pollution High
CVE-2024-57085 was published for @stryker-mutator/util (npm) Feb 6, 2025
Credited to saip-loginsoft and saip007
@rpldy/uploader prototype pollution High
CVE-2024-57082 was published for @rpldy/uploader (npm) Feb 6, 2025
Credited to yoavniran
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
Credited to taraspos
Netplex Json-smart Uncontrolled Recursion vulnerability High
CVE-2024-57699 was published for net.minidev:json-smart (Maven) Feb 6, 2025
Credited to yeikel
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
Credited to dsimk
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
Credited to RDIL and FeBe95
@ndhoule/defaults prototype pollution High
CVE-2024-57066 was published for @ndhoule/defaults (npm) Feb 6, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
Credited to Balastrong
module-from-string prototype pollution High
CVE-2024-57072 was published for module-from-string (npm) Feb 6, 2025
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting) Moderate
GHSA-9x4v-xfq5-m8x5 was published for better-auth (npm) Feb 5, 2025
Credited to Eriner
Plenti - Code Injection - Denial of Services Moderate
CVE-2025-26260 was published for github.com/plentico/plenti (Go) Feb 5, 2025
Credited to ahmetak4n
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
Credited to 3u13r, burgerdev, and katexochen
Keycloak on Quarkus CLI option for encrypted JGroups ignored Moderate
CVE-2024-10973 was published for org.keycloak:keycloak-quarkus-server (Maven) Feb 5, 2025
MobSF Local Privilege Escalation High
CVE-2025-24805 was published for mobsf (pip) Feb 5, 2025
MobSF Partial Denial of Service (DoS) High
CVE-2025-24804 was published for mobsf (pip) Feb 5, 2025
MobSF Stored Cross-Site Scripting (XSS) High
CVE-2025-24803 was published for mobsf (pip) Feb 5, 2025
CKAN has an XSS vector in user uploaded images in group/org and user profiles High
CVE-2025-24372 was published for ckan (pip) Feb 5, 2025
Credited to m4dn355
GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions Critical
CVE-2024-36404 was published for org.geotools.xsd:gt-xsd-core (Maven) Feb 5, 2025
Credited to sikeoka and jodygarnett
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
ProTip! Advisories are also available from the GraphQL API