Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times Moderate
CVE-2025-31135 was published for github.com/phires/go-guerrilla (Go) Apr 1, 2025
Zenexer
Credited to Zenexer
Synapse vulnerable to federation denial of service via malformed events High
CVE-2025-30355 was published for matrix-synapse (pip) Mar 27, 2025
Frappe has Possibility of Remote Code Execution due to improper validation Moderate
CVE-2025-30213 was published for frappe (pip) Mar 25, 2025
yeuchimse
Credited to yeuchimse
ingress-nginx controller - auth secret file path traversal vulnerability Moderate
CVE-2025-24513 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Credited to dor-hayun
ingress-nginx controller - configuration injection via unsanitized auth-url annotation High
CVE-2025-24514 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Credited to dor-hayun
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation High
CVE-2025-1097 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Credited to dor-hayun
ingress-nginx controller - configuration injection via unsanitized mirror annotations High
CVE-2025-1098 was published for k8s.io/ingress-nginx (Go) Mar 25, 2025
dor-hayun
Credited to dor-hayun
API Platform Core does not call GraphQl securityAfterResolver Moderate
CVE-2025-23204 was published for api-platform/core (Composer) Mar 24, 2025
soyuka vinceAmstoutz
ausi
Credited to soyuka, vinceAmstoutz, and ausi
yiisoft Yii2 Deserialization of Untrusted Data Moderate
CVE-2025-2689 was published for yiisoft/yii2-dev (Composer) Mar 24, 2025
aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument Moderate
CVE-2025-2622 was published for com.aizuda:snail-job (Maven) Mar 22, 2025
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment Low
CVE-2025-29923 was published for github.com/redis/go-redis/v9 (Go) Mar 20, 2025
Kedro allows Remote Code Execution by Pulling Micro Packages High
CVE-2024-12215 was published for kedro (pip) Mar 20, 2025
GluonCV Arbitrary File Write via TarSlip High
CVE-2024-12216 was published for gluoncv (pip) Mar 20, 2025
InvokeAI Arbitrary File Deletion vulnerability Critical
CVE-2024-11042 was published for InvokeAI (pip) Mar 20, 2025
Kubernetes GitRepo Volume Inadvertent Local Repository Access Moderate
CVE-2025-1767 was published for k8s.io/kubernetes (Go) Mar 13, 2025
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API Moderate
CVE-2024-9042 was published for k8s.io/kubernetes (Go) Mar 13, 2025
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net Moderate
CVE-2025-22870 was published for golang.org/x/net (Go) Mar 12, 2025
Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionality Moderate
CVE-2025-0660 was published for concrete5/concrete5 (Composer) Mar 10, 2025
Crash due to uncontrolled recursion in protobuf crate Moderate
CVE-2025-53605 was published for protobuf (Rust) Mar 7, 2025
morningstarxcdcode
Credited to morningstarxcdcode
Volt Allows RCE Via User-Crafted Requests Critical
CVE-2025-27517 was published for livewire/volt (Composer) Mar 5, 2025
angelej
Credited to angelej
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine High
CVE-2025-24970 was published for io.netty:netty-handler (Maven) Feb 10, 2025
johnou
Credited to johnou
Apache James vulnerable to denial of service through the use of IMAP literals High
CVE-2024-37358 was published for org.apache.james.protocols:protocols-imap (Maven) Feb 6, 2025
Browsershot Local File Inclusion Moderate
CVE-2025-1026 was published for spatie/browsershot (Composer) Feb 5, 2025
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database