Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,437
Maven
5,000+
npm
5,000+
NuGet
883
pip
4,695
Pub
13
RubyGems
1,031
Rust
1,222
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,656 advisories

Loading
pimcore/customer-data-framework vulnerable to SQL Injection Moderate
CVE-2024-11956 was published for pimcore/customer-management-framework-bundle (Composer) Jan 28, 2025
maeitsec Credited to maeitsec
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
CVE-2024-11954 was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec Credited to maeitsec
OpenShift GitOps Operator Namespace Isolation Break High
CVE-2024-13484 was published for github.com/redhat-developer/gitops-operator (Go) Jan 28, 2025
svghadi Credited to svghadi
ismp-grandpa crate accepted incorrect signatures Critical
CVE-2025-24800 was published for grandpa-verifier (Rust) Jan 28, 2025
Insecure Temporary File usage in github.com/golang/glog Moderate
CVE-2024-45339 was published for github.com/golang/glog (Go) Jan 28, 2025
Duplicate Advisory: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document Moderate
GHSA-8m2r-x2m2-3wmw was published for pimcore/pimcore (Composer) Jan 28, 2025 withdrawn
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate Moderate
GHSA-8m8m-98c9-vw7q was published for pimcore/customer-data-framework (Composer) Jan 28, 2025 withdrawn
CRI-O Path Traversal vulnerability Moderate
CVE-2025-0750 was published for github.com/cri-o/cri-o (Go) Jan 28, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Infinispan vulnerable to Insertion of Sensitive Information into Log File Moderate
CVE-2025-0736 was published for org.infinispan:infinispan-parent (Maven) Jan 28, 2025
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator High
CVE-2025-24357 was published for vllm (pip) Jan 27, 2025
DogeWatch Credited to DogeWatch and russellb russellb russellb
imgproxy is vulnerable to SSRF against 0.0.0.0 Moderate
CVE-2025-24354 was published for github.com/imgproxy/imgproxy (Go) Jan 27, 2025
phannguyenlong Credited to phannguyenlong, Benasin, and benaubin Benasin Benasin
benaubin benaubin
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55227 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55228 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
uniapi version 1.0.7 contained an information harvesting script. High
GHSA-gvvw-rr8m-fj76 was published for uniapi (pip) Jan 27, 2025
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24361 was published for @nuxt/rspack-builder (npm) Jan 27, 2025
sapphi-red Credited to sapphi-red
Opening a malicious website while running a Nuxt dev server could allow read-only access to code Moderate
CVE-2025-24360 was published for @nuxt/vite-builder (npm) Jan 27, 2025
sapphi-red Credited to sapphi-red
Apache Solr Relative Path Traversal vulnerability Moderate
CVE-2024-52012 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
Apache Solr vulnerable to Execution with Unnecessary Privileges High
CVE-2025-24814 was published for org.apache.solr:solr-core (Maven) Jan 27, 2025
NodeBB Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-57041 was published for nodebb (npm) Jan 24, 2025
HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information Moderate
CVE-2025-24363 was published for org.hl7.fhir.publisher:org.hl7.fhir.publisher.cli (Maven) Jan 24, 2025
pat-ryan-health Credited to pat-ryan-health
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast Credited to SteakEnthusiast
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn Credited to gionn and olblak olblak olblak
GitHub PAT written to debug artifacts High
CVE-2025-24362 was published for github/codeql-action (GitHub Actions) Jan 24, 2025
jstawinski Credited to jstawinski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database